admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:59:17 +00:00
parent 8c5571b4a9
commit ff2e3f6055
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
55 changed files with 3693 additions and 3693 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2004/1xxx/CVE-2004-1078.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1078", "ID": "CVE-2004-1078",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050426 Citrix Program Neighborhood Agent Buffer Overflow", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities" "lang": "eng",
}, "value": "Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element."
{ }
"name" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650", ]
"refsource" : "CONFIRM", },
"url" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15108", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15108" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "15108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15108"
},
{
"name": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105650"
},
{
"name": "20050426 Citrix Program Neighborhood Agent Buffer Overflow",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=238&type=vulnerabilities"
}
]
}
}

140
2004/1xxx/CVE-2004-1532.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1532", "ID": "CVE-2004-1532",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20041118 AppServ 2.5.x and Prior Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110079586328430&w=2" "lang": "eng",
}, "value": "AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access."
{ }
"name" : "11704", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/11704" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "appserv-default-account(18163)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18163" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20041118 AppServ 2.5.x and Prior Exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110079586328430&w=2"
},
{
"name": "11704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11704"
},
{
"name": "appserv-default-account(18163)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18163"
}
]
}
}

160
2004/1xxx/CVE-2004-1679.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1679", "ID": "CVE-2004-1679",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040913 Directory Traversal Vulnerability in TwinFTP Server allows overwriting of files outside FTP directory", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=109509243831121&w=2" "lang": "eng",
}, "value": "Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands."
{ }
"name" : "http://www.security.org.sg/vuln/twinftp103r2.html", ]
"refsource" : "MISC", },
"url" : "http://www.security.org.sg/vuln/twinftp103r2.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "11159", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/11159" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12511", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/12511/" ]
}, },
{ "references": {
"name" : "twinftp-argument-directory-traversal(17323)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17323" "name": "20040913 Directory Traversal Vulnerability in TwinFTP Server allows overwriting of files outside FTP directory",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=109509243831121&w=2"
} },
} {
"name": "twinftp-argument-directory-traversal(17323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17323"
},
{
"name": "http://www.security.org.sg/vuln/twinftp103r2.html",
"refsource": "MISC",
"url": "http://www.security.org.sg/vuln/twinftp103r2.html"
},
{
"name": "12511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12511/"
},
{
"name": "11159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11159"
}
]
}
}

190
2004/1xxx/CVE-2004-1947.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2004-1947", "ID": "CVE-2004-1947",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20040419 BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=108240639427412&w=2" "lang": "eng",
}, "value": "The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab."
{ }
"name" : "20040420 Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=108248367901616&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "10174", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/10174" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "10175", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/10175" ]
}, },
{ "references": {
"name" : "5549", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/5549" "name": "bitdefender-avxscanonline-code-execution(15911)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15911"
"name" : "1009862", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1009862" "name": "10174",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/10174"
"name" : "11427", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11427" "name": "20040420 Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=108248367901616&w=2"
"name" : "bitdefender-avxscanonline-code-execution(15911)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/15911" "name": "11427",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/11427"
} },
} {
"name": "10175",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10175"
},
{
"name": "1009862",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009862"
},
{
"name": "5549",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5549"
},
{
"name": "20040419 BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=108240639427412&w=2"
}
]
}
}

180
2008/3xxx/CVE-2008-3210.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3210", "ID": "CVE-2008-3210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows remote attackers to cause a denial of service (daemon crash) via a SIP (1) INVITE or (2) OPTIONS message with a long domain name in a request URI, which triggers an assert error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6046", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6046" "lang": "eng",
}, "value": "rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows remote attackers to cause a denial of service (daemon crash) via a SIP (1) INVITE or (2) OPTIONS message with a long domain name in a request URI, which triggers an assert error."
{ }
"name" : "http://labs.mudynamics.com/advisories/MU-200807-01.txt", ]
"refsource" : "MISC", },
"url" : "http://labs.mudynamics.com/advisories/MU-200807-01.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.resiprocate.org/ReSIProcate_1.3.3_Release", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.resiprocate.org/ReSIProcate_1.3.3_Release" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30194", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/30194" ]
}, },
{ "references": {
"name" : "31058", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31058" "name": "resiprocate-dnsstub-dos(43770)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43770"
"name" : "4013", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4013" "name": "http://www.resiprocate.org/ReSIProcate_1.3.3_Release",
}, "refsource": "CONFIRM",
{ "url": "http://www.resiprocate.org/ReSIProcate_1.3.3_Release"
"name" : "resiprocate-dnsstub-dos(43770)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43770" "name": "6046",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/6046"
} },
} {
"name": "31058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31058"
},
{
"name": "4013",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4013"
},
{
"name": "30194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30194"
},
{
"name": "http://labs.mudynamics.com/advisories/MU-200807-01.txt",
"refsource": "MISC",
"url": "http://labs.mudynamics.com/advisories/MU-200807-01.txt"
}
]
}
}

300
2008/3xxx/CVE-2008-3283.json
View File

@ -1,152 +1,152 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2008-3283", "ID": "CVE-2008-3283",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html" "lang": "eng",
}, "value": "Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, and Fedora Directory Server 1.1.1 and earlier allow remote attackers to cause a denial of service (memory consumption) via vectors involving (1) the authentication / bind phase and (2) anonymous LDAP search requests."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=458977", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=458977" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2008-7813", "description": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00521.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2008-7891", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00708.html" ]
}, },
{ "references": {
"name" : "HPSBUX02354", "reference_data": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=458977",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458977"
"name" : "SSRT080113", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861" "name": "1020774",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1020774"
"name" : "RHSA-2008:0596", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2008-0596.html" "name": "RHSA-2008:0602",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2008-0602.html"
"name" : "RHSA-2008:0602", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0602.html" "name": "rhds-leaks-dos(44731)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44731"
"name" : "RHSA-2008:0858", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0858.html" "name": "SSRT080113",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861"
"name" : "30872", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/30872" "name": "31913",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31913"
"name" : "oval:org.mitre.oval:def:6118", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6118" "name": "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.redhat.com/docs/manuals/dir-server/release-notes/7.1SP7/index.html"
"name" : "ADV-2008-2480", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2480" "name": "31702",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31702"
"name" : "1020774", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1020774" "name": "RHSA-2008:0596",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2008-0596.html"
"name" : "31565", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31565" "name": "31867",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31867"
"name" : "31627", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31627" "name": "HPSBUX02354",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01532861"
"name" : "31702", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31702" "name": "30872",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30872"
"name" : "31913", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31913" "name": "oval:org.mitre.oval:def:6118",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6118"
"name" : "31867", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31867" "name": "ADV-2008-2480",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/2480"
"name" : "rhds-leaks-dos(44731)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44731" "name": "FEDORA-2008-7891",
} "refsource": "FEDORA",
] "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00708.html"
} },
} {
"name": "RHSA-2008:0858",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0858.html"
},
{
"name": "31565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31565"
},
{
"name": "31627",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31627"
},
{
"name": "FEDORA-2008-7813",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00521.html"
}
]
}
}

160
2008/3xxx/CVE-2008-3393.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3393", "ID": "CVE-2008-3393",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://holisticinfosec.org/content/view/79/45/", "description_data": [
"refsource" : "MISC", {
"url" : "http://holisticinfosec.org/content/view/79/45/" "lang": "eng",
}, "value": "SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter."
{ }
"name" : "30432", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/30432" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "47202", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/47202" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "31258", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/31258" ]
}, },
{ "references": {
"name" : "bookmine-events-sql-injection(44067)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44067" "name": "30432",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/30432"
} },
} {
"name": "http://holisticinfosec.org/content/view/79/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/79/45/"
},
{
"name": "47202",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/47202"
},
{
"name": "31258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31258"
},
{
"name": "bookmine-events-sql-injection(44067)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44067"
}
]
}
}

160
2008/3xxx/CVE-2008-3592.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3592", "ID": "CVE-2008-3592",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6177", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6177" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in the File Manager in the admin panel in Twentyone Degrees Symphony 1.7.01 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to a directory specified in the destination parameter, then accessing the uploaded file via a direct request, as demonstrated using workspace/masters/."
{ }
"name" : "http://overture21.com/forum/comments.php?DiscussionID=1823", ]
"refsource" : "CONFIRM", },
"url" : "http://overture21.com/forum/comments.php?DiscussionID=1823" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31293", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31293" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4137", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4137" ]
}, },
{ "references": {
"name" : "symphony-file-upload(44432)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44432" "name": "6177",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/6177"
} },
} {
"name": "symphony-file-upload(44432)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44432"
},
{
"name": "4137",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4137"
},
{
"name": "31293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31293"
},
{
"name": "http://overture21.com/forum/comments.php?DiscussionID=1823",
"refsource": "CONFIRM",
"url": "http://overture21.com/forum/comments.php?DiscussionID=1823"
}
]
}
}

190
2008/3xxx/CVE-2008-3773.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-3773", "ID": "CVE-2008-3773",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when \"Show New Private Message Notification Pop-Up\" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title])."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080820 CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=121933258013788&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and 3.6.10 PL3, when \"Show New Private Message Notification Pop-Up\" is enabled, allows remote authenticated users to inject arbitrary web script or HTML via a private message subject (aka newpm[title])."
{ }
"name" : "http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability", ]
"refsource" : "MISC", },
"url" : "http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.vbulletin.com/forum/showthread.php?t=282133", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.vbulletin.com/forum/showthread.php?t=282133" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "30777", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/30777" ]
}, },
{ "references": {
"name" : "1020727", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1020727" "name": "30777",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/30777"
"name" : "31552", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31552" "name": "31552",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/31552"
"name" : "4182", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/4182" "name": "vbulletin-message-xss(44576)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44576"
"name" : "vbulletin-message-xss(44576)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44576" "name": "http://www.vbulletin.com/forum/showthread.php?t=282133",
} "refsource": "CONFIRM",
] "url": "http://www.vbulletin.com/forum/showthread.php?t=282133"
} },
} {
"name": "1020727",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020727"
},
{
"name": "4182",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4182"
},
{
"name": "http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/vbulletin-cross-site-scripting-vulnerability"
},
{
"name": "20080820 CORE-2008-0813 - vBulletin Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=121933258013788&w=2"
}
]
}
}

140
2008/4xxx/CVE-2008-4296.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4296", "ID": "CVE-2008-4296",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco Linksys WRT350N with firmware 1.0.3.7 has \"admin\" as its default password for the \"admin\" account, which makes it easier for remote attackers to obtain access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20080926 Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/496756/100/0/threaded" "lang": "eng",
}, "value": "The Cisco Linksys WRT350N with firmware 1.0.3.7 has \"admin\" as its default password for the \"admin\" account, which makes it easier for remote attackers to obtain access."
{ }
"name" : "4319", ]
"refsource" : "SREASON", },
"url" : "http://securityreason.com/securityalert/4319" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "linksys-admin-default-password(45588)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45588" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "4319",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4319"
},
{
"name": "linksys-admin-default-password(45588)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45588"
},
{
"name": "20080926 Linksys/Cisco WRT350N 1.0.3.7 Insecure Samba Static Configuration",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/496756/100/0/threaded"
}
]
}
}

150
2008/4xxx/CVE-2008-4455.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4455", "ID": "CVE-2008-4455",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6641", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6641" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in EKINdesigns MySQL Quick Admin 1.5.5 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read and execute arbitrary files via a .. (dot dot) in the language cookie."
{ }
"name" : "31517", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31517" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "31820", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/31820" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "mysqlquickadmin-index-file-include(45606)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/45606" ]
} },
] "references": {
} "reference_data": [
} {
"name": "31820",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31820"
},
{
"name": "31517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31517"
},
{
"name": "mysqlquickadmin-index-file-include(45606)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45606"
},
{
"name": "6641",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6641"
}
]
}
}

150
2008/4xxx/CVE-2008-4501.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4501", "ID": "CVE-2008-4501",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6661", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6661" "lang": "eng",
}, "value": "Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\\ (dot dot backslash) in the RNTO command."
{ }
"name" : "ADV-2008-2746", ]
"refsource" : "VUPEN", },
"url" : "http://www.vupen.com/english/advisories/2008/2746" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "32150", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32150" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "4378", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/4378" ]
} },
] "references": {
} "reference_data": [
} {
"name": "ADV-2008-2746",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2746"
},
{
"name": "6661",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6661"
},
{
"name": "32150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32150"
},
{
"name": "4378",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4378"
}
]
}
}

180
2008/4xxx/CVE-2008-4575.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4575", "ID": "CVE-2008-4575",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20081015 Re: CVE request: jhead", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2008/10/15/6" "lang": "eng",
}, "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
{ }
"name" : "http://www.sentex.net/~mwandel/jhead/changes.txt", ]
"refsource" : "CONFIRM", },
"url" : "http://www.sentex.net/~mwandel/jhead/changes.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2008-8928", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html" ]
}, },
{ "references": {
"name" : "FEDORA-2008-8941", "reference_data": [
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html" "name": "FEDORA-2008-8928",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
"name" : "31770", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31770" "name": "31770",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31770"
"name" : "32363", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32363" "name": "http://www.sentex.net/~mwandel/jhead/changes.txt",
} "refsource": "CONFIRM",
] "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
} },
} {
"name": "32363",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32363"
},
{
"name": "FEDORA-2008-8941",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
},
{
"name": "[oss-security] 20081015 Re: CVE request: jhead",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
}
]
}
}

290
2008/4xxx/CVE-2008-4819.json
View File

@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4819", "ID": "CVE-2008-4819",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb08-20.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier makes it easier for remote attackers to conduct DNS rebinding attacks via unknown vectors."
{ }
"name" : "http://support.apple.com/kb/HT3338", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT3338" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm" ]
}, },
{ "references": {
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=" "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid=",
}, "refsource": "CONFIRM",
{ "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=834256&poid="
"name" : "APPLE-SA-2008-12-15", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html" "name": "32129",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/32129"
"name" : "GLSA-200903-23", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200903-23.xml" "name": "33390",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33390"
"name" : "RHSA-2008:0980", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0980.html" "name": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2009-020.htm"
"name" : "248586", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1" "name": "ADV-2008-3444",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/3444"
"name" : "TA08-350A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-350A.html" "name": "32702",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/32702"
"name" : "32129", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32129" "name": "TA08-350A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-350A.html"
"name" : "34226", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34226" "name": "http://www.adobe.com/support/security/bulletins/apsb08-20.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/bulletins/apsb08-20.html"
"name" : "ADV-2008-3444", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3444" "name": "33179",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/33179"
"name" : "1021147", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021147" "name": "34226",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34226"
"name" : "32702", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/32702" "name": "adobe-flash-dnsrebinding-security-bypass1(46532)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46532"
"name" : "33179", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33179" "name": "GLSA-200903-23",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200903-23.xml"
"name" : "33390", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33390" "name": "http://support.apple.com/kb/HT3338",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3338"
"name" : "adobe-flash-dnsrebinding-security-bypass1(46532)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46532" "name": "RHSA-2008:0980",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2008-0980.html"
} },
} {
"name": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2008-440.htm"
},
{
"name": "APPLE-SA-2008-12-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html"
},
{
"name": "248586",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-248586-1"
},
{
"name": "1021147",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021147"
}
]
}
}

190
2008/4xxx/CVE-2008-4837.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2008-4837", "ID": "CVE-2008-4837",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka \"Word Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081209 ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499064/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1; Word Viewer 2003 Gold and SP3; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; and Microsoft Works 8 allow remote attackers to execute arbitrary code via a crafted Word document that contains a malformed table property, which triggers memory corruption, aka \"Word Memory Corruption Vulnerability.\""
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-086/", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-086/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-08-086", "description": [
"refsource" : "MISC", {
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-08-086" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "MS08-072", ]
"refsource" : "MS", }
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072" ]
}, },
{ "references": {
"name" : "TA08-344A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-344A.html" "name": "MS08-072",
}, "refsource": "MS",
{ "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-072"
"name" : "oval:org.mitre.oval:def:5982", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982" "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-086/",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086/"
"name" : "ADV-2008-3384", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/3384" "name": "http://www.zerodayinitiative.com/advisories/ZDI-08-086",
}, "refsource": "MISC",
{ "url": "http://www.zerodayinitiative.com/advisories/ZDI-08-086"
"name" : "1021370", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021370" "name": "20081209 ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/499064/100/0/threaded"
} },
} {
"name": "1021370",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021370"
},
{
"name": "TA08-344A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-344A.html"
},
{
"name": "ADV-2008-3384",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3384"
},
{
"name": "oval:org.mitre.oval:def:5982",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5982"
}
]
}
}

170
2008/4xxx/CVE-2008-4928.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-4928", "ID": "CVE-2008-4928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the redirect function in functions.php in MyBB (aka MyBulletinBoard) 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter in a removesubscriptions action to moderation.php, related to use of the ajax option to request a JavaScript redirect. NOTE: this can be leveraged to execute PHP code and bypass cross-site request forgery (CSRF) protection."
{ }
"name" : "20081027 Re: MyBB 1.4.2: Multiple Vulnerabilties", ]
"refsource" : "BUGTRAQ", },
"url" : "http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20081027 MyBB 1.4.2: Multiple Vulnerabilties", "description": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2008/11/01/2" ]
}, },
{ "references": {
"name" : "31935", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/31935" "name": "31935",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/31935"
"name" : "ADV-2008-2967", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2967" "name": "20081027 Re: MyBB 1.4.2: Multiple Vulnerabilties",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2008-10/0212.html"
} },
} {
"name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2008-10/0203.html"
},
{
"name": "ADV-2008-2967",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2967"
},
{
"name": "20081027 MyBB 1.4.2: Multiple Vulnerabilties",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-10/0472.html"
},
{
"name": "[oss-security] 20081101 CVE request (Fwd: MyBB 1.4.2: Multiple Vulnerabilties)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/11/01/2"
}
]
}
}

170
2008/6xxx/CVE-2008-6216.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6216", "ID": "CVE-2008-6216",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6876", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6876" "lang": "eng",
}, "value": "SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur Booking Centre Booking System for Hotels Group allows remote attackers to execute arbitrary SQL commands via the OfertaID parameter."
{ }
"name" : "31990", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/31990" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "49446", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/49446" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "32430", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/32430" ]
}, },
{ "references": {
"name" : "ADV-2008-2963", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/2963" "name": "bookingcentre-cadenaofertas-sql-injection(46226)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46226"
"name" : "bookingcentre-cadenaofertas-sql-injection(46226)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46226" "name": "32430",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/32430"
} },
} {
"name": "49446",
"refsource": "OSVDB",
"url": "http://osvdb.org/49446"
},
{
"name": "31990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31990"
},
{
"name": "ADV-2008-2963",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2963"
},
{
"name": "6876",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6876"
}
]
}
}

140
2008/6xxx/CVE-2008-6795.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2008-6795", "ID": "CVE-2008-6795",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "6981", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/6981" "lang": "eng",
}, "value": "SQL injection vulnerability in view_news.php in nicLOR Vibro-School-CMS allows remote attackers to execute arbitrary SQL commands via the nID parameter."
{ }
"name" : "32109", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/32109" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "vibroschoolcms-viewnews-sql-injection(46348)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/46348" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "32109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32109"
},
{
"name": "vibroschoolcms-viewnews-sql-injection(46348)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46348"
},
{
"name": "6981",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6981"
}
]
}
}

140
2013/2xxx/CVE-2013-2051.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2051", "ID": "CVE-2013-2051",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=959047", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=959047" "lang": "eng",
}, "value": "The Tomcat 6 DIGEST authentication functionality as used in Red Hat Enterprise Linux 6 allows remote attackers to bypass intended access restrictions by performing a replay attack after a nonce becomes stale. NOTE: this issue is due to an incomplete fix for CVE-2012-5887."
{ }
"name" : "RHSA-2013:0869", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0869.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "60187", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/60187" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "60187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/60187"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=959047",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=959047"
},
{
"name": "RHSA-2013:0869",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0869.html"
}
]
}
}

250
2013/2xxx/CVE-2013-2140.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2013-2140", "ID": "CVE-2013-2140",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130605 Re: xen/blkback: Check device permissions before allowing OP_DISCARD", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2013/06/05/21" "lang": "eng",
}, "value": "The dispatch_discard_io function in drivers/block/xen-blkback/blkback.c in the Xen blkback implementation in the Linux kernel before 3.10.5 allows guest OS users to cause a denial of service (data loss) via filesystem write operations on a read-only disk that supports the (1) BLKIF_OP_DISCARD (aka discard or TRIM) or (2) SCSI UNMAP feature."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=604c499cbbcc3d5fe5fb8d53306aa0fae1990109", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=604c499cbbcc3d5fe5fb8d53306aa0fae1990109" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=971146", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=971146" "name": "USN-1943-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1943-1"
"name" : "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109" "name": "USN-2039-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2039-1"
"name" : "USN-1938-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1938-1" "name": "USN-1938-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1938-1"
"name" : "USN-1943-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1943-1" "name": "USN-1944-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1944-1"
"name" : "USN-1944-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1944-1" "name": "USN-1945-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1945-1"
"name" : "USN-1945-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1945-1" "name": "USN-2038-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2038-1"
"name" : "USN-1946-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1946-1" "name": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html",
}, "refsource": "CONFIRM",
{ "url": "http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2140.html"
"name" : "USN-1947-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1947-1" "name": "[oss-security] 20130605 Re: xen/blkback: Check device permissions before allowing OP_DISCARD",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2013/06/05/21"
"name" : "USN-2038-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2038-1" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=604c499cbbcc3d5fe5fb8d53306aa0fae1990109",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=604c499cbbcc3d5fe5fb8d53306aa0fae1990109"
"name" : "USN-2039-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2039-1" "name": "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109",
} "refsource": "CONFIRM",
] "url": "https://github.com/torvalds/linux/commit/604c499cbbcc3d5fe5fb8d53306aa0fae1990109"
} },
} {
"name": "USN-1947-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1947-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=971146",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=971146"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.5"
},
{
"name": "USN-1946-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1946-1"
}
]
}
}

140
2013/2xxx/CVE-2013-2651.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2651", "ID": "CVE-2013-2651",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) \"p\" or (2) content parameter to index.php."
{ }
"name" : "http://packetstormsecurity.com/files/123558", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/123558" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "boltwire-cve20132651-xss(87809)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20131009 [ISecAuditors Security Advisories] Multiple Reflected XSS vulnerabilities in BoltWire <= v3.5",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-10/0033.html"
},
{
"name": "http://packetstormsecurity.com/files/123558",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/123558"
},
{
"name": "boltwire-cve20132651-xss(87809)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/87809"
}
]
}
}

34
2013/2xxx/CVE-2013-2676.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-2676", "ID": "CVE-2013-2676",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2013/6xxx/CVE-2013-6031.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2013-6031", "ID": "CVE-2013-6031",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb" "lang": "eng",
}, "value": "The Huawei E355 adapter with firmware 21.157.37.01.910 does not require authentication for API pages, which allows remote attackers to change passwords and settings, or obtain sensitive information, via a direct request to (1) api/wlan/security-settings, (2) api/device/information, (3) api/wlan/basic-settings, (4) api/wlan/mac-filter, (5) api/monitoring/status, or (6) api/dhcp/settings."
{ }
"name" : "VU#341526", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/341526" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#341526",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/341526"
},
{
"name": "https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb",
"refsource": "MISC",
"url": "https://github.com/aczire/huawei-csrf-info_disclosure/blob/master/huawei_wifi_info.rb"
}
]
}
}

160
2013/6xxx/CVE-2013-6172.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6172", "ID": "CVE-2013-6172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://roundcube.net/news/2013/10/21/security-updates-095-and-087/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://roundcube.net/news/2013/10/21/security-updates-095-and-087/" "lang": "eng",
}, "value": "steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code."
{ }
"name" : "http://trac.roundcube.net/ticket/1489382", ]
"refsource" : "CONFIRM", },
"url" : "http://trac.roundcube.net/ticket/1489382" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-2787", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2013/dsa-2787" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2014:0365", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2014-03/msg00035.html" "name": "http://trac.roundcube.net/ticket/1489382",
} "refsource": "CONFIRM",
] "url": "http://trac.roundcube.net/ticket/1489382"
} },
} {
"name": "http://roundcube.net/news/2013/10/21/security-updates-095-and-087/",
"refsource": "CONFIRM",
"url": "http://roundcube.net/news/2013/10/21/security-updates-095-and-087/"
},
{
"name": "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19",
"refsource": "CONFIRM",
"url": "http://www.interworx.com/developers/changelog/version-5-0-13-build-574-2014-02-19"
},
{
"name": "openSUSE-SU-2014:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2014-03/msg00035.html"
},
{
"name": "DSA-2787",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2787"
}
]
}
}

180
2013/6xxx/CVE-2013-6795.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2013-6795", "ID": "CVE-2013-6795",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20131122 CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-11/0122.html" "lang": "eng",
}, "value": "The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary."
{ }
"name" : "http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/", ]
"refsource" : "MISC", },
"url" : "http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html", "description": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401", ]
"refsource" : "CONFIRM", }
"url" : "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401" ]
}, },
{ "references": {
"name" : "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0" "name": "http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/",
}, "refsource": "MISC",
{ "url": "http://blog.cloudpassage.com/2013/11/18/cve-2013-6795-vulnerability-rackspace-windows-agent-updater/"
"name" : "100191", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/100191" "name": "http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/124153/Rackspace-Windows-Agent-Updater-Arbitrary-Code-Execution.html"
"name" : "55775", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55775" "name": "20131122 CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater",
} "refsource": "BUGTRAQ",
] "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0122.html"
} },
} {
"name": "100191",
"refsource": "OSVDB",
"url": "http://osvdb.org/100191"
},
{
"name": "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401",
"refsource": "CONFIRM",
"url": "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/commit/ef16f88f20254b8083e361f11707da25f8482401"
},
{
"name": "55775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55775"
},
{
"name": "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0",
"refsource": "CONFIRM",
"url": "https://github.com/rackerlabs/openstack-guest-agents-windows-xenserver/releases/tag/1.2.6.0"
}
]
}
}

142
2017/10xxx/CVE-2017-10057.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10057", "ID": "CVE-2017-10057",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PeopleSoft Enterprise PRTL Interaction Hub", "product_name": "PeopleSoft Enterprise PRTL Interaction Hub",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.1.0" "version_value": "9.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Discussion Forum). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Discussion Forum). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
{ }
"name" : "99798", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99798" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038932", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038932" "lang": "eng",
} "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1038932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038932"
},
{
"name": "99798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99798"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

142
2017/10xxx/CVE-2017-10070.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2017-10070", "ID": "CVE-2017-10070",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PeopleSoft Enterprise PRTL Interaction Hub", "product_name": "PeopleSoft Enterprise PRTL Interaction Hub",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.1.0" "version_value": "9.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Maintenance Folders). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "lang": "eng",
}, "value": "Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub component of Oracle PeopleSoft Products (subcomponent: Maintenance Folders). The supported version that is affected is 9.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
{ }
"name" : "99762", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/99762" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1038932", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1038932" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PRTL Interaction Hub. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PRTL Interaction Hub, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PRTL Interaction Hub accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PRTL Interaction Hub accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "99762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99762"
},
{
"name": "1038932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038932"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
}
]
}
}

120
2017/10xxx/CVE-2017-10968.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-10968", "ID": "CVE-2017-10968",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In FineCMS through 2017-07-07, application\\core\\controller\\template.php allows remote PHP code execution by placing the code after \"<?php\" in a route=template request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html" "lang": "eng",
} "value": "In FineCMS through 2017-07-07, application\\core\\controller\\template.php allows remote PHP code execution by placing the code after \"<?php\" in a route=template request."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html",
"refsource": "MISC",
"url": "http://www.yuesec.com/img/cccccve/finecms_codeexec/finecmscodeexec_2017_07_06_submit.html"
}
]
}
}

34
2017/11xxx/CVE-2017-11971.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-11971", "ID": "CVE-2017-11971",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2017/14xxx/CVE-2017-14334.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-14334", "ID": "CVE-2017-14334",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

150
2017/14xxx/CVE-2017-14354.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@microfocus.com", "ASSIGNER": "security@suse.com",
"ID" : "CVE-2017-14354", "ID": "CVE-2017-14354",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.tenable.com/security/research/tra-2017-32", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.tenable.com/security/research/tra-2017-32" "lang": "eng",
}, "value": "A remote cross-site scripting vulnerability in HP UCMDB Foundation Software versions 10.10, 10.11, 10.20, 10.21, 10.22, 10.30, 10.31, 10.32, and 10.33 could be remotely exploited to allow cross-site scripting."
{ }
"name" : "https://softwaresupport.hpe.com/km/KM02977984", ]
"refsource" : "CONFIRM", },
"url" : "https://softwaresupport.hpe.com/km/KM02977984" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ESB-2017.2509", "description": [
"refsource" : "AUSCERT", {
"url" : "https://www.auscert.org.au/bulletins/53150" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "101254", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/101254" ]
} },
] "references": {
} "reference_data": [
} {
"name": "101254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101254"
},
{
"name": "https://www.tenable.com/security/research/tra-2017-32",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2017-32"
},
{
"name": "https://softwaresupport.hpe.com/km/KM02977984",
"refsource": "CONFIRM",
"url": "https://softwaresupport.hpe.com/km/KM02977984"
},
{
"name": "ESB-2017.2509",
"refsource": "AUSCERT",
"url": "https://www.auscert.org.au/bulletins/53150"
}
]
}
}

34
2017/14xxx/CVE-2017-14794.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-14794", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-14794",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-7502. Reason: This candidate is a reservation duplicate of CVE-2018-7502. Notes: All CVE users should reference CVE-2018-7502 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

120
2017/15xxx/CVE-2017-15254.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15254", "ID": "CVE-2017-15254",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15254", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15254" "lang": "eng",
} "value": "IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted .pdf file, related to a \"Read Access Violation starting at PDF!xmlGetGlobalState+0x000000000007dfa5.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15254",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-15254"
}
]
}
}

34
2017/15xxx/CVE-2017-15492.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2017-15492", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2017-15492",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2017. Notes: none."
} }
] ]
} }
} }

130
2017/15xxx/CVE-2017-15640.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-15640", "ID": "CVE-2017-15640",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/phpipam/phpipam/issues/1521", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/phpipam/phpipam/issues/1521" "lang": "eng",
}, "value": "app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip parameter."
{ }
"name" : "https://github.com/phpipam/phpipam/releases/tag/1.3.1", ]
"refsource" : "CONFIRM", },
"url" : "https://github.com/phpipam/phpipam/releases/tag/1.3.1" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/phpipam/phpipam/releases/tag/1.3.1",
"refsource": "CONFIRM",
"url": "https://github.com/phpipam/phpipam/releases/tag/1.3.1"
},
{
"name": "https://github.com/phpipam/phpipam/issues/1521",
"refsource": "CONFIRM",
"url": "https://github.com/phpipam/phpipam/issues/1521"
}
]
}
}

34
2017/9xxx/CVE-2017-9453.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9453", "ID": "CVE-2017-9453",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2017/9xxx/CVE-2017-9497.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9497", "ID": "CVE-2017-9497",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-41.root-command-execution.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-41.root-command-execution.txt" "lang": "eng",
} "value": "The Comcast firmware on Motorola MX011ANM (firmware version MX011AN_2.9p6s1_PROD_sey) devices allows physically proximate attackers to execute arbitrary commands as root by pulling up the diagnostics menu on the set-top box, and then posting to a Web Inspector route."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-41.root-command-execution.txt",
"refsource": "MISC",
"url": "https://github.com/BastilleResearch/CableTap/blob/master/doc/advisories/bastille-41.root-command-execution.txt"
}
]
}
}

120
2017/9xxx/CVE-2017-9588.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9588", "ID": "CVE-2017-9588",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"Oritani Mobile Banking\" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5" "lang": "eng",
} "value": "The \"Oritani Mobile Banking\" by Oritani Bank app 3.0.0 -- aka oritani-mobile-banking/id778851066 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5",
"refsource": "MISC",
"url": "https://medium.com/@chronic_9612/advisory-44-credit-union-apps-for-ios-may-allow-login-credential-exposure-4d2f380b85c5"
}
]
}
}

120
2017/9xxx/CVE-2017-9895.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9895", "ID": "CVE-2017-9895",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895" "lang": "eng",
} "value": "XnView Classic for Windows Version 2.40 allows remote attackers to execute code via a crafted .fpx file, related to a \"Read Access Violation on Control Flow starting at Xfpx!gffGetFormatInfo+0x0000000000020e95.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9895"
}
]
}
}

120
2017/9xxx/CVE-2017-9917.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2017-9917", "ID": "CVE-2017-9917",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!RtlFreeHandle+0x0000000000000218.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9917", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9917" "lang": "eng",
} "value": "IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow attackers to cause a denial of service or possibly have unspecified other impact via a crafted file, related to \"Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at ntdll_77df0000!RtlFreeHandle+0x0000000000000218.\""
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9917",
"refsource": "MISC",
"url": "https://github.com/wlinzi/security_advisories/tree/master/CVE-2017-9917"
}
]
}
}

120
2018/0xxx/CVE-2018-0225.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0225", "ID": "CVE-2018-0225",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) unknown", "product_name": "Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) unknown",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) unknown" "version_value": "Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) unknown"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL injection"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://docs.appdynamics.com/display/PRO44/Release+Notes#ReleaseNotes-4.4.3.10598(HF4)Updates", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://docs.appdynamics.com/display/PRO44/Release+Notes#ReleaseNotes-4.4.3.10598(HF4)Updates" "lang": "eng",
} "value": "The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.appdynamics.com/display/PRO44/Release+Notes#ReleaseNotes-4.4.3.10598(HF4)Updates",
"refsource": "CONFIRM",
"url": "https://docs.appdynamics.com/display/PRO44/Release+Notes#ReleaseNotes-4.4.3.10598(HF4)Updates"
}
]
}
}

140
2018/0xxx/CVE-2018-0285.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0285", "ID": "CVE-2018-0285",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Prime Service Catalog", "product_name": "Cisco Prime Service Catalog",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco Prime Service Catalog" "version_value": "Cisco Prime Service Catalog"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc" "lang": "eng",
}, "value": "A vulnerability in service logging for Cisco Prime Service Catalog could allow an authenticated, remote attacker to deny service to the user interface. The vulnerability is due to exhaustion of disk space. An attacker could exploit this vulnerability by performing certain operations that lead to excessive logging. A successful exploit could allow the attacker to deny service to the user interface. Cisco Bug IDs: CSCvd39568."
{ }
"name" : "104082", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104082" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040826", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040826" "lang": "eng",
} "value": "CWE-400"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-psc"
},
{
"name": "1040826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040826"
},
{
"name": "104082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104082"
}
]
}
}

130
2018/0xxx/CVE-2018-0345.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2018-0345", "ID": "CVE-2018-0345",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco SD-WAN Solution unknown", "product_name": "Cisco SD-WAN Solution unknown",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Cisco SD-WAN Solution unknown" "version_value": "Cisco SD-WAN Solution unknown"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx" "lang": "eng",
}, "value": "A vulnerability in the configuration and management database of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. The vulnerability is due to insufficient validation of command arguments that are passed to the configuration and management database of the affected software. An attacker could exploit this vulnerability by creating custom functions that contain malicious code and are executed as the vmanage user of the configuration management system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the vmanage user in the configuration management system of the affected software. This vulnerability affects the following Cisco products if they are running a release of the Cisco SD-WAN Solution prior to Release 18.3.0: vBond Orchestrator Software, vManage Network Management Software, vSmart Controller Software. Cisco Bug IDs: CSCvi69937."
{ }
"name" : "104859", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104859" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104859"
},
{
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx",
"refsource": "CONFIRM",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-sdwan-cx"
}
]
}
}

150
2018/0xxx/CVE-2018-0824.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-0824", "ID": "CVE-2018-0824",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in \"Microsoft COM for Windows\" when it fails to properly handle serialized objects, aka \"Microsoft COM for Windows Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44906", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44906/" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in \"Microsoft COM for Windows\" when it fails to properly handle serialized objects, aka \"Microsoft COM for Windows Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
{ }
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824", ]
"refsource" : "CONFIRM", },
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "104030", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104030" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1040848", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1040848" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1040848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040848"
},
{
"name": "44906",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44906/"
},
{
"name": "104030",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104030"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0824"
}
]
}
}

126
2018/1000xxx/CVE-2018-1000618.json
View File

@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-07-08T15:52:41.197668", "DATE_ASSIGNED": "2018-07-08T15:52:41.197668",
"DATE_REQUESTED" : "2018-06-27T10:33:58", "DATE_REQUESTED": "2018-06-27T10:33:58",
"ID" : "CVE-2018-1000618", "ID": "CVE-2018-1000618",
"REQUESTER" : "gsen1993@gmail.com", "REQUESTER": "gsen1993@gmail.com",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "eos", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "EOSIO/eos" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d ."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "stack overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/EOSIO/eos/pull/4112", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/EOSIO/eos/pull/4112" "lang": "eng",
} "value": "EOSIO/eos eos version after commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168 contains a stack overflow vulnerability in abi_serializer that can result in attack eos network node. This attack appear to be exploitable via network request. This vulnerability appears to have been fixed in after commit cf7209e703e6d3f7a5413e0cb1fe88a4d8e4b38d ."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/EOSIO/eos/pull/4112",
"refsource": "CONFIRM",
"url": "https://github.com/EOSIO/eos/pull/4112"
}
]
}
}

34
2018/12xxx/CVE-2018-12136.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-12136", "ID": "CVE-2018-12136",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/12xxx/CVE-2018-12785.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12785", "ID": "CVE-2018-12785",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "1041250", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041250" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Heap Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-21.html"
},
{
"name": "1041250",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041250"
}
]
}
}

140
2018/12xxx/CVE-2018-12853.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-12853", "ID": "CVE-2018-12853",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader", "product_name": "Adobe Acrobat and Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Errors"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution."
{ }
"name" : "105437", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105437" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041809", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041809" "lang": "eng",
} "value": "Buffer Errors"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
},
{
"name": "105437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105437"
}
]
}
}

120
2018/16xxx/CVE-2018-16432.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16432", "ID": "CVE-2018-16432",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://hpdoger.me/2018/08/18/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E5%A4%8D%E7%8E%B0%EF%BC%9ABluecms%201.6/", "description_data": [
"refsource" : "MISC", {
"url" : "http://hpdoger.me/2018/08/18/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E5%A4%8D%E7%8E%B0%EF%BC%9ABluecms%201.6/" "lang": "eng",
} "value": "BlueCMS 1.6 allows SQL Injection via the user_name parameter to uploads/user.php?act=index_login."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://hpdoger.me/2018/08/18/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E5%A4%8D%E7%8E%B0%EF%BC%9ABluecms%201.6/",
"refsource": "MISC",
"url": "http://hpdoger.me/2018/08/18/%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1%E5%A4%8D%E7%8E%B0%EF%BC%9ABluecms%201.6/"
}
]
}
}

130
2018/16xxx/CVE-2018-16822.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16822", "ID": "CVE-2018-16822",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.51cto.com/13770310/2177214", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.51cto.com/13770310/2177214" "lang": "eng",
}, "value": "SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter."
{ }
"name" : "http://www.seacms.net/thread-6251-1-1.html", ]
"refsource" : "MISC", },
"url" : "http://www.seacms.net/thread-6251-1-1.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://blog.51cto.com/13770310/2177214",
"refsource": "MISC",
"url": "http://blog.51cto.com/13770310/2177214"
},
{
"name": "http://www.seacms.net/thread-6251-1-1.html",
"refsource": "MISC",
"url": "http://www.seacms.net/thread-6251-1-1.html"
}
]
}
}

140
2018/16xxx/CVE-2018-16983.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-16983", "ID": "CVE-2018-16983",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://noscript.net/getit#classic", "description_data": [
"refsource" : "MISC", {
"url" : "https://noscript.net/getit#classic" "lang": "eng",
}, "value": "NoScript Classic before 5.1.8.7, as used in Tor Browser 7.x and other products, allows attackers to bypass script blocking via the text/html;/json Content-Type value."
{ }
"name" : "https://twitter.com/Zerodium/status/1039127214602641409", ]
"refsource" : "MISC", },
"url" : "https://twitter.com/Zerodium/status/1039127214602641409" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/", "description": [
"refsource" : "MISC", {
"url" : "https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://noscript.net/getit#classic",
"refsource": "MISC",
"url": "https://noscript.net/getit#classic"
},
{
"name": "https://twitter.com/Zerodium/status/1039127214602641409",
"refsource": "MISC",
"url": "https://twitter.com/Zerodium/status/1039127214602641409"
},
{
"name": "https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/",
"refsource": "MISC",
"url": "https://www.zdnet.com/article/exploit-vendor-drops-tor-browser-zero-day-on-twitter/"
}
]
}
}

130
2018/19xxx/CVE-2018-19719.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-19719", "ID": "CVE-2018-19719",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "106162", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106162" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106162"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

34
2018/4xxx/CVE-2018-4324.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4324", "ID": "CVE-2018-4324",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/4xxx/CVE-2018-4704.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-4704", "ID": "CVE-2018-4704",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/4xxx/CVE-2018-4982.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-4982", "ID": "CVE-2018-4982",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions", "product_name": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions" "version_value": "Adobe Acrobat and Reader 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html", "description_data": [
"refsource" : "MISC", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20038 and earlier, 2017.011.30079 and earlier, and 2015.006.30417 and earlier have a Heap Overflow vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user."
{ }
"name" : "104172", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104172" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040920", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040920" "lang": "eng",
} "value": "Heap Overflow"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104172",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104172"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html",
"refsource": "MISC",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-09.html"
},
{
"name": "1040920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040920"
}
]
}
}