admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 07:19:52 +00:00
parent 59a8631be2
commit 070a638820
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3950 additions and 3950 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

200
2005/0xxx/CVE-2005-0250.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050208 IBM AIX auditselect Local Format String Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=193&type=vulnerabilities&flashstatus=false"
},
{
"name" : "IY67519",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY67519"
},
{
"name" : "IY67472",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY67472"
},
{
"name" : "IY67802",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1IY67802"
},
{
"name" : "VU#896729",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/896729"
},
{
"name" : "12496",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12496"
},
{
"name" : "1013103",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013103"
},
{
"name" : "14198",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14198"
},
{
"name" : "aix-auditselect-format-string(19255)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19255"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#896729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/896729"
},
{
"name": "aix-auditselect-format-string(19255)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19255"
},
{
"name": "IY67519",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY67519"
},
{
"name": "IY67802",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY67802"
},
{
"name": "14198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14198"
},
{
"name": "1013103",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013103"
},
{
"name": "12496",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12496"
},
{
"name": "IY67472",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1IY67472"
},
{
"name": "20050208 IBM AIX auditselect Local Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=193&type=vulnerabilities&flashstatus=false"
}
]
}
}

34
2005/2xxx/CVE-2005-2121.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2121",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2121",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

420
2005/2xxx/CVE-2005-2974.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=109997",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=109997"
},
{
"name" : "http://scary.beasts.org/security/CESA-2005-007.txt",
"refsource" : "MISC",
"url" : "http://scary.beasts.org/security/CESA-2005-007.txt"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=364493",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=364493"
},
{
"name" : "DSA-890",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-890"
},
{
"name" : "FLSA:174479",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428059/100/0/threaded"
},
{
"name" : "FLSA-2006:174479",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428059/30/6300/threaded"
},
{
"name" : "FEDORA-2009-5118",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00771.html"
},
{
"name" : "GLSA-200511-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-03.xml"
},
{
"name" : "MDKSA-2005:207",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:207"
},
{
"name" : "RHSA-2005:828",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-828.html"
},
{
"name" : "FEDORA-2005-1045",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/advisories/9636"
},
{
"name" : "FEDORA-2005-1046",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/advisories/9637"
},
{
"name" : "RHSA-2009:0444",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0444.html"
},
{
"name" : "USN-214-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntulinux.org/usn/usn-214-1"
},
{
"name" : "15304",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15304"
},
{
"name" : "oval:org.mitre.oval:def:10994",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10994"
},
{
"name" : "34872",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34872"
},
{
"name" : "35164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35164"
},
{
"name" : "ADV-2005-2295",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2295"
},
{
"name" : "20470",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20470"
},
{
"name" : "1015149",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015149"
},
{
"name" : "17442",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17442"
},
{
"name" : "17462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17462"
},
{
"name" : "17488",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17488"
},
{
"name" : "17508",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17508"
},
{
"name" : "17559",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17559"
},
{
"name" : "17436",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17436"
},
{
"name" : "17438",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17438"
},
{
"name" : "17482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17482"
},
{
"name" : "17497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17497"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17508"
},
{
"name": "17438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17438"
},
{
"name": "FLSA-2006:174479",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428059/30/6300/threaded"
},
{
"name": "17482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17482"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=109997",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=109997"
},
{
"name": "17442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17442"
},
{
"name": "34872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34872"
},
{
"name": "RHSA-2005:828",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-828.html"
},
{
"name": "17559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17559"
},
{
"name": "USN-214-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntulinux.org/usn/usn-214-1"
},
{
"name": "17488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17488"
},
{
"name": "RHSA-2009:0444",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0444.html"
},
{
"name": "FEDORA-2009-5118",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00771.html"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171413"
},
{
"name": "oval:org.mitre.oval:def:10994",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10994"
},
{
"name": "GLSA-200511-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-03.xml"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=364493",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=364493"
},
{
"name": "FEDORA-2005-1045",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/advisories/9636"
},
{
"name": "ADV-2005-2295",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2295"
},
{
"name": "17436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17436"
},
{
"name": "DSA-890",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-890"
},
{
"name": "FLSA:174479",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428059/100/0/threaded"
},
{
"name": "http://scary.beasts.org/security/CESA-2005-007.txt",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2005-007.txt"
},
{
"name": "1015149",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015149"
},
{
"name": "FEDORA-2005-1046",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/advisories/9637"
},
{
"name": "15304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15304"
},
{
"name": "20470",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20470"
},
{
"name": "17462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17462"
},
{
"name": "MDKSA-2005:207",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:207"
},
{
"name": "17497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17497"
},
{
"name": "35164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35164"
}
]
}
}

130
2005/3xxx/CVE-2005-3022.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112715150320677&w=2"
},
{
"name" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt",
"refsource" : "MISC",
"url" : "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, (2) userid parameter to user.php, (3) calendar parameter to admincalendar.php, (4) cronid parameter to cronlog.php, (5) usergroupid parameter to email.php, (6) help parameter to help.php, (7) rvt parameter to language.php, (8) keep parameter to phrase.php, or (9) updateprofilepic parameter to usertools.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt",
"refsource": "MISC",
"url": "http://morph3us.org/advisories/20050917-vbulletin-3.0.8.txt"
},
{
"name": "20050918 [BuHa-Security] Multiple vulnerabilities in (admincp/modcp of) vBulletin 3.0.8/9",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112715150320677&w=2"
}
]
}
}

140
2005/3xxx/CVE-2005-3064.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050925 Server crash and motd deletion in MultiTheftAuto 0.5 patch 1",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037384.html"
},
{
"name" : "http://aluigi.altervista.org/adv/mtaboom-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/mtaboom-adv.txt"
},
{
"name" : "16926",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16926/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aluigi.altervista.org/adv/mtaboom-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/mtaboom-adv.txt"
},
{
"name": "16926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16926/"
},
{
"name": "20050925 Server crash and motd deletion in MultiTheftAuto 0.5 patch 1",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037384.html"
}
]
}
}

160
2005/3xxx/CVE-2005-3111.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-827",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-827"
},
{
"name" : "14978",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14978"
},
{
"name" : "16995",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16995/"
},
{
"name" : "17018",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17018"
},
{
"name" : "backupninja-backupninja-script-symlink(22461)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22461"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-827",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-827"
},
{
"name": "17018",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17018"
},
{
"name": "16995",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16995/"
},
{
"name": "14978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14978"
},
{
"name": "backupninja-backupninja-script-symlink(22461)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22461"
}
]
}
}

170
2005/3xxx/CVE-2005-3436.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3436",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051021 Nuked klan 1.7: XSS vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112991421210577&w=2"
},
{
"name" : "15166",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15166"
},
{
"name" : "ADV-2005-2189",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2189"
},
{
"name" : "17304",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17304/"
},
{
"name" : "104",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/104"
},
{
"name" : "nuked-klan-modules-xss(22873)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22873"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2189",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2189"
},
{
"name": "nuked-klan-modules-xss(22873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22873"
},
{
"name": "17304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17304/"
},
{
"name": "104",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/104"
},
{
"name": "20051021 Nuked klan 1.7: XSS vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112991421210577&w=2"
},
{
"name": "15166",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15166"
}
]
}
}

300
2005/3xxx/CVE-2005-3552.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051105 Advisory 21/2005: Multiple vulnerabilities in PHPKIT",
"refsource" : "BUGTRAQ",
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html"
},
{
"name" : "http://www.hardened-php.net/advisory_212005.80.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_212005.80.html"
},
{
"name" : "15354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15354"
},
{
"name" : "ADV-2005-2344",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2344"
},
{
"name" : "20553",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20553"
},
{
"name" : "20554",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20554"
},
{
"name" : "20555",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20555"
},
{
"name" : "20556",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20556"
},
{
"name" : "20557",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20557"
},
{
"name" : "20558",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20558"
},
{
"name" : "20559",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20559"
},
{
"name" : "1015167",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015167"
},
{
"name" : "17479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17479"
},
{
"name" : "phpkit-admin-xss(23004)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23004"
},
{
"name" : "phpkit-guestbook-xss(23009)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23009"
},
{
"name" : "phpkit-html-tags-xss(23007)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23007"
},
{
"name" : "phpkit-imcenter-xss(23008)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23008"
},
{
"name" : "phpkit-profile-userinfo-xss(23003)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23003"
},
{
"name" : "phpkit-referer-xss(23006)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple vectors in (1) login/profile.php, (2) login/userinfo.php, (3) admin/admin.php, (4) imcenter.php, and the (5) referer statistics, the (6) HTML title element and (7) logo alt attributes in forum postings, and the (8) Homepage field in the Guestbook."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpkit-profile-userinfo-xss(23003)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23003"
},
{
"name": "phpkit-imcenter-xss(23008)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23008"
},
{
"name": "1015167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015167"
},
{
"name": "20553",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20553"
},
{
"name": "15354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15354"
},
{
"name": "phpkit-referer-xss(23006)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23006"
},
{
"name": "20558",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20558"
},
{
"name": "phpkit-html-tags-xss(23007)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23007"
},
{
"name": "20051105 Advisory 21/2005: Multiple vulnerabilities in PHPKIT",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00110.html"
},
{
"name": "phpkit-guestbook-xss(23009)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23009"
},
{
"name": "20555",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20555"
},
{
"name": "ADV-2005-2344",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2344"
},
{
"name": "20554",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20554"
},
{
"name": "20559",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20559"
},
{
"name": "17479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17479"
},
{
"name": "http://www.hardened-php.net/advisory_212005.80.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_212005.80.html"
},
{
"name": "20556",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20556"
},
{
"name": "phpkit-admin-xss(23004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23004"
},
{
"name": "20557",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20557"
}
]
}
}

160
2005/3xxx/CVE-2005-3630.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders \"allow\" directives before \"deny\" directives."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-3630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://directory.fedora.redhat.com/wiki/FDS10Announcement",
"refsource" : "CONFIRM",
"url" : "http://directory.fedora.redhat.com/wiki/FDS10Announcement"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994"
},
{
"name" : "16729",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16729"
},
{
"name" : "18939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18939"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders \"allow\" directives before \"deny\" directives."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://directory.fedora.redhat.com/wiki/FDS10Announcement",
"refsource": "CONFIRM",
"url": "http://directory.fedora.redhat.com/wiki/FDS10Announcement"
},
{
"name": "16729",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16729"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=121994"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=174837"
},
{
"name": "18939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18939"
}
]
}
}

260
2005/3xxx/CVE-2005-3646.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3646",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051110 [FS-05-01] Multiple vulnerabilities in phpAdsNew",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113165036315035&w=2"
},
{
"name" : "http://www.fitsec.com/advisories/FS-05-01.txt",
"refsource" : "MISC",
"url" : "http://www.fitsec.com/advisories/FS-05-01.txt"
},
{
"name" : "20051115 [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds 2.0.7 fix multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/lists/bugtraq/2005/Nov/0189.html"
},
{
"name" : "http://www.zone-h.org/en/advisories/read/id=8413/",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/en/advisories/read/id=8413/"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942"
},
{
"name" : "15385",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15385/"
},
{
"name" : "ADV-2005-2380",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2380"
},
{
"name" : "20744",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20744"
},
{
"name" : "20745",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20745"
},
{
"name" : "1015193",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015193"
},
{
"name" : "17464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17464/"
},
{
"name" : "17579",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17579"
},
{
"name" : "171",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/171"
},
{
"name" : "172",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/172"
},
{
"name" : "phpadsnew-logout-sql-injection(23044)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fitsec.com/advisories/FS-05-01.txt",
"refsource": "MISC",
"url": "http://www.fitsec.com/advisories/FS-05-01.txt"
},
{
"name": "172",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/172"
},
{
"name": "20051110 [FS-05-01] Multiple vulnerabilities in phpAdsNew",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113165036315035&w=2"
},
{
"name": "17464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17464/"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942"
},
{
"name": "20745",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20745"
},
{
"name": "20744",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20744"
},
{
"name": "phpadsnew-logout-sql-injection(23044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23044"
},
{
"name": "20051115 [PHPADSNEW-SA-2005-002] phpAdsNew and phpPgAds 2.0.7 fix multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/Nov/0189.html"
},
{
"name": "171",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/171"
},
{
"name": "15385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15385/"
},
{
"name": "http://www.zone-h.org/en/advisories/read/id=8413/",
"refsource": "MISC",
"url": "http://www.zone-h.org/en/advisories/read/id=8413/"
},
{
"name": "1015193",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015193"
},
{
"name": "17579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17579"
},
{
"name": "ADV-2005-2380",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2380"
}
]
}
}

220
2005/3xxx/CVE-2005-3907.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3907",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-11-30",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
},
{
"name" : "102050",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102050-1"
},
{
"name" : "VU#355284",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/355284"
},
{
"name" : "15615",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15615"
},
{
"name" : "ADV-2005-2636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2636"
},
{
"name" : "ADV-2005-2675",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2675"
},
{
"name" : "1015282",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015282"
},
{
"name" : "17748",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17748"
},
{
"name" : "18092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18092"
},
{
"name" : "17847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17847"
},
{
"name" : "sun-untrusted-applet-gain-privileges(23250)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Java Runtime Environment in Java JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors involving untrusted Java applets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#355284",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/355284"
},
{
"name": "17847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17847"
},
{
"name": "15615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15615"
},
{
"name": "1015282",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015282"
},
{
"name": "ADV-2005-2675",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2675"
},
{
"name": "ADV-2005-2636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2636"
},
{
"name": "sun-untrusted-applet-gain-privileges(23250)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23250"
},
{
"name": "102050",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102050-1"
},
{
"name": "APPLE-SA-2005-11-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
},
{
"name": "17748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17748"
},
{
"name": "18092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18092"
}
]
}
}

34
2005/4xxx/CVE-2005-4105.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4105",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-4105",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}

160
2005/4xxx/CVE-2005-4254.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4254",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/dreampoll-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/dreampoll-sql-inj.html"
},
{
"name" : "15849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15849"
},
{
"name" : "ADV-2005-2880",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2880"
},
{
"name" : "21688",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21688"
},
{
"name" : "18014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18014"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view_Results.php in DreamLevels DreamPoll 3.0 final allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2880",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2880"
},
{
"name": "21688",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21688"
},
{
"name": "http://pridels0.blogspot.com/2005/12/dreampoll-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/dreampoll-sql-inj.html"
},
{
"name": "18014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18014"
},
{
"name": "15849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15849"
}
]
}
}

210
2005/4xxx/CVE-2005-4380.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/bitweaver-multiple-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/bitweaver-multiple-vuln.html"
},
{
"name" : "http://www.bitweaver.org/forums/viewtopic.php?t=1299",
"refsource" : "CONFIRM",
"url" : "http://www.bitweaver.org/forums/viewtopic.php?t=1299"
},
{
"name" : "15962",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15962"
},
{
"name" : "ADV-2005-2975",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2975"
},
{
"name" : "21922",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21922"
},
{
"name" : "21923",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21923"
},
{
"name" : "21919",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21919"
},
{
"name" : "21920",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21920"
},
{
"name" : "21921",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21921"
},
{
"name" : "bitweaver-multiple-sql-injection(23814)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23814"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to execute arbitrary SQL commands via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php; the (2) post_id parameter to (d) blogs/view_post.php; and the (3) blog_id parameter to (e) blogs/view.php, which are not properly cleansed by the convert_sortmode function in kernel/BitDb.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21919",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21919"
},
{
"name": "http://pridels0.blogspot.com/2005/12/bitweaver-multiple-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/bitweaver-multiple-vuln.html"
},
{
"name": "21921",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21921"
},
{
"name": "15962",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15962"
},
{
"name": "http://www.bitweaver.org/forums/viewtopic.php?t=1299",
"refsource": "CONFIRM",
"url": "http://www.bitweaver.org/forums/viewtopic.php?t=1299"
},
{
"name": "bitweaver-multiple-sql-injection(23814)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23814"
},
{
"name": "ADV-2005-2975",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2975"
},
{
"name": "21920",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21920"
},
{
"name": "21922",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21922"
},
{
"name": "21923",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21923"
}
]
}
}

160
2005/4xxx/CVE-2005-4674.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4674",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4674",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15111"
},
{
"name" : "20084",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20084"
},
{
"name" : "20085",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20085"
},
{
"name" : "1015054",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015054"
},
{
"name" : "complete-php-counter-list-sql-injection(22758)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22758"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20084",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20084"
},
{
"name": "complete-php-counter-list-sql-injection(22758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22758"
},
{
"name": "1015054",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015054"
},
{
"name": "15111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15111"
},
{
"name": "20085",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20085"
}
]
}
}

160
2005/4xxx/CVE-2005-4886.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4886",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-4886",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100222 CVE-2005-4886 assigned to old remote oops",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/02/22/3"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.12/ChangeLog-2.6.12-rc4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.12/ChangeLog-2.6.12-rc4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=160117",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=160117"
},
{
"name" : "kernel-selinuxparseskbipv6-dos(56614)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56614"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the Linux kernel before 2.6.12-rc4 allows remote attackers to cause a denial of service (OOPS) via vectors associated with an incorrect call to the ipv6_skip_exthdr function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "kernel-selinuxparseskbipv6-dos(56614)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56614"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=0d3d077cd4f1154e63a9858e47fe3fb1ad0c03e5"
},
{
"name": "[oss-security] 20100222 CVE-2005-4886 assigned to old remote oops",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/02/22/3"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.12/ChangeLog-2.6.12-rc4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.12/ChangeLog-2.6.12-rc4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=160117",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=160117"
}
]
}
}

200
2009/0xxx/CVE-2009-0794.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0794",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse Audio source data line."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[distro-pkg-dev] 20090211 changeset in /hg/icedtea6: 2009-02-11 Omair Majid <omajid at redh...",
"refsource" : "MLIST",
"url" : "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2009-February/004729.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=492367",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=492367"
},
{
"name" : "FEDORA-2009-3425",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00203.html"
},
{
"name" : "FEDORA-2009-3426",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00204.html"
},
{
"name" : "MDVSA-2009:137",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name" : "MDVSA-2009:162",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name" : "34623",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34623"
},
{
"name" : "ADV-2009-0965",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0965"
},
{
"name" : "pulsejava--pulseaudiotargetdatal-dos(50383)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50383"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the PulseAudioTargetDataL class in src/java/org/classpath/icedtea/pulseaudio/PulseAudioTargetDataLine.java in Pulse-Java, as used in OpenJDK 1.6.0.0 and other products, allows remote attackers to cause a denial of service (applet crash) via a crafted Pulse Audio source data line."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2009:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34623"
},
{
"name": "pulsejava--pulseaudiotargetdatal-dos(50383)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50383"
},
{
"name": "ADV-2009-0965",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0965"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=492367",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=492367"
},
{
"name": "FEDORA-2009-3426",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00204.html"
},
{
"name": "MDVSA-2009:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "[distro-pkg-dev] 20090211 changeset in /hg/icedtea6: 2009-02-11 Omair Majid <omajid at redh...",
"refsource": "MLIST",
"url": "http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2009-February/004729.html"
},
{
"name": "FEDORA-2009-3425",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00203.html"
}
]
}
}

210
2009/0xxx/CVE-2009-0888.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-07.html"
},
{
"name" : "GLSA-200907-06",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name" : "RHSA-2009:1109",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1109.html"
},
{
"name" : "TA09-161A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-161A.html"
},
{
"name" : "35274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35274"
},
{
"name" : "1022361",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022361"
},
{
"name" : "34580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34580"
},
{
"name" : "35496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35496"
},
{
"name" : "35734",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35734"
},
{
"name" : "ADV-2009-1547",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1547"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, and CVE-2009-0889."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35274"
},
{
"name": "ADV-2009-1547",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1547"
},
{
"name": "TA09-161A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-161A.html"
},
{
"name": "35734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35734"
},
{
"name": "RHSA-2009:1109",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1109.html"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-07.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-07.html"
},
{
"name": "1022361",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022361"
},
{
"name": "GLSA-200907-06",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
},
{
"name": "34580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34580"
},
{
"name": "35496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35496"
}
]
}
}

150
2009/2xxx/CVE-2009-2275.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9039",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9039"
},
{
"name" : "35518",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35518"
},
{
"name" : "1022490",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022490"
},
{
"name" : "cpanel-lastvisit-directory-traversal(51426)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in frontend/x3/stats/lastvisit.html in cPanel allows remote attackers to read arbitrary files via a .. (dot dot) in the domain parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35518"
},
{
"name": "1022490",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022490"
},
{
"name": "cpanel-lastvisit-directory-traversal(51426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51426"
},
{
"name": "9039",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9039"
}
]
}
}

140
2009/2xxx/CVE-2009-2618.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2618",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2618",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9021",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9021"
},
{
"name" : "35495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35495"
},
{
"name" : "survey-modules-sql-injection(51385)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "survey-modules-sql-injection(51385)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51385"
},
{
"name": "35495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35495"
},
{
"name": "9021",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9021"
}
]
}
}

280
2009/2xxx/CVE-2009-2690.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2690",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2690",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://java.sun.com/javase/6/webnotes/6u15.html",
"refsource" : "CONFIRM",
"url" : "http://java.sun.com/javase/6/webnotes/6u15.html"
},
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=513223",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=513223"
},
{
"name" : "APPLE-SA-2009-09-03-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
},
{
"name" : "FEDORA-2009-8329",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
},
{
"name" : "FEDORA-2009-8337",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
},
{
"name" : "GLSA-200911-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name" : "MDVSA-2009:209",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
},
{
"name" : "RHSA-2009:1200",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
},
{
"name" : "RHSA-2009:1201",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
},
{
"name" : "SUSE-SR:2009:016",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name" : "oval:org.mitre.oval:def:9443",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9443"
},
{
"name" : "36162",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36162"
},
{
"name" : "36176",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36176"
},
{
"name" : "36180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36180"
},
{
"name" : "37386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37386"
},
{
"name" : "ADV-2009-2543",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2543"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants read access to private variables with unspecified names, which allows context-dependent attackers to obtain sensitive information via an untrusted (1) applet or (2) application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:1200",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1200.html"
},
{
"name": "36162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36162"
},
{
"name": "ADV-2009-2543",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2543"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125139-16-1"
},
{
"name": "oval:org.mitre.oval:def:9443",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9443"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=513223",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=513223"
},
{
"name": "MDVSA-2009:209",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:209"
},
{
"name": "FEDORA-2009-8329",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00310.html"
},
{
"name": "http://java.sun.com/javase/6/webnotes/6u15.html",
"refsource": "CONFIRM",
"url": "http://java.sun.com/javase/6/webnotes/6u15.html"
},
{
"name": "36180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36180"
},
{
"name": "36176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36176"
},
{
"name": "FEDORA-2009-8337",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00325.html"
},
{
"name": "SUSE-SR:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name": "APPLE-SA-2009-09-03-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00000.html"
},
{
"name": "RHSA-2009:1201",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1201.html"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
}
]
}
}

340
2009/3xxx/CVE-2009-3230.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509917/100/0/threaded"
},
{
"name" : "[pgsql-www] 20090909 Re: Incorrect CVE reference on security page",
"refsource" : "MLIST",
"url" : "http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php"
},
{
"name" : "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html"
},
{
"name" : "http://www.postgresql.org/support/security.html",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/support/security.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=522085",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=522085"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012"
},
{
"name" : "DSA-1900",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2009/dsa-1900"
},
{
"name" : "FEDORA-2009-9473",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html"
},
{
"name" : "FEDORA-2009-9474",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html"
},
{
"name" : "HPSBMU02781",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "SSRT100617",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name" : "270408",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1"
},
{
"name" : "SUSE-SR:2009:016",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name" : "SUSE-SR:2009:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"name" : "USN-834-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-834-1"
},
{
"name" : "36314",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36314"
},
{
"name" : "oval:org.mitre.oval:def:10166",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166"
},
{
"name" : "36660",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36660"
},
{
"name" : "36695",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36695"
},
{
"name" : "36727",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36727"
},
{
"name" : "36837",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36837"
},
{
"name" : "36800",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36800"
},
{
"name" : "ADV-2009-2602",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2602"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2602",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2602"
},
{
"name": "FEDORA-2009-9474",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00307.html"
},
{
"name": "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-8.html"
},
{
"name": "36314",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36314"
},
{
"name": "HPSBMU02781",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name": "36837",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36837"
},
{
"name": "[pgsql-www] 20090909 Re: Incorrect CVE reference on security page",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-www/2009-09/msg00024.php"
},
{
"name": "http://www.postgresql.org/support/security.html",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/support/security.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=522085",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=522085"
},
{
"name": "36660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36660"
},
{
"name": "20100307 rPSA-2010-0012-1 postgresql postgresql-contrib postgresql-server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509917/100/0/threaded"
},
{
"name": "36800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36800"
},
{
"name": "oval:org.mitre.oval:def:10166",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10166"
},
{
"name": "DSA-1900",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2009/dsa-1900"
},
{
"name": "FEDORA-2009-9473",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-September/msg00305.html"
},
{
"name": "SUSE-SR:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00001.html"
},
{
"name": "270408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270408-1"
},
{
"name": "36727",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36727"
},
{
"name": "SUSE-SR:2009:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"name": "USN-834-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-834-1"
},
{
"name": "SSRT100617",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=134124585221119&w=2"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2010-0012"
},
{
"name": "36695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36695"
}
]
}
}

130
2009/3xxx/CVE-2009-3275.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \\ (backslash) characters followed by a \" (double quote), related to a certain regular expression, aka a \"ReDoS\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090910 Regular Expression Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506419/100/0/threaded"
},
{
"name" : "http://www.checkmarx.com/Upload/Documents/PDF/Checkmarx_OWASP_IL_2009_ReDoS.pdf",
"refsource" : "MISC",
"url" : "http://www.checkmarx.com/Upload/Documents/PDF/Checkmarx_OWASP_IL_2009_ReDoS.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs in Microsoft patterns & practices Enterprise Library (aka EntLib) allows context-dependent attackers to cause a denial of service (CPU consumption) via an input string composed of many \\ (backslash) characters followed by a \" (double quote), related to a certain regular expression, aka a \"ReDoS\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.checkmarx.com/Upload/Documents/PDF/Checkmarx_OWASP_IL_2009_ReDoS.pdf",
"refsource": "MISC",
"url": "http://www.checkmarx.com/Upload/Documents/PDF/Checkmarx_OWASP_IL_2009_ReDoS.pdf"
},
{
"name": "20090910 Regular Expression Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506419/100/0/threaded"
}
]
}
}

170
2009/3xxx/CVE-2009-3431.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3431",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3431",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
},
{
"name" : "TA09-286B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
},
{
"name" : "35148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35148"
},
{
"name" : "oval:org.mitre.oval:def:6532",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6532"
},
{
"name" : "1023007",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023007"
},
{
"name" : "ADV-2009-2898",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286B.html"
},
{
"name": "1023007",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023007"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-15.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-15.html"
},
{
"name": "oval:org.mitre.oval:def:6532",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6532"
},
{
"name": "ADV-2009-2898",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2898"
},
{
"name": "35148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35148"
}
]
}
}

150
2009/3xxx/CVE-2009-3495.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://antisecurity.org/dvd-zone-view_mag-phpmag_id-bsqlxss-multiple-remote-vulnerabilities.antisecurity",
"refsource" : "MISC",
"url" : "http://antisecurity.org/dvd-zone-view_mag-phpmag_id-bsqlxss-multiple-remote-vulnerabilities.antisecurity"
},
{
"name" : "36487",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36487"
},
{
"name" : "36843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36843"
},
{
"name" : "ADV-2009-2735",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2735"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36487",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36487"
},
{
"name": "ADV-2009-2735",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2735"
},
{
"name": "36843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36843"
},
{
"name": "http://antisecurity.org/dvd-zone-view_mag-phpmag_id-bsqlxss-multiple-remote-vulnerabilities.antisecurity",
"refsource": "MISC",
"url": "http://antisecurity.org/dvd-zone-view_mag-phpmag_id-bsqlxss-multiple-remote-vulnerabilities.antisecurity"
}
]
}
}

34
2009/3xxx/CVE-2009-3906.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3906",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3606. Reason: This candidate is a duplicate of CVE-2009-3606. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-3606 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-3906",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-3606. Reason: This candidate is a duplicate of CVE-2009-3606. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2009-3606 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

34
2009/4xxx/CVE-2009-4126.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4126",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4126",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/0xxx/CVE-2015-0344.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-0344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved"
},
{
"name" : "1032567",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032567"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the web app in Adobe Connect before 9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/adobe-connect/release-note/connect-94-release-notes.html#Issues%20Resolved"
},
{
"name": "1032567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032567"
}
]
}
}

130
2015/0xxx/CVE-2015-0345.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0345",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-0345",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html"
},
{
"name" : "1032106",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 16 and 11 before Update 5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032106",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032106"
},
{
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb15-07.html"
}
]
}
}

130
2015/0xxx/CVE-2015-0461.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Authentication Engine."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name" : "1032131",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032131"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Authentication Engine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "1032131",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032131"
}
]
}
}

34
2015/0xxx/CVE-2015-0790.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0790",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-0790",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

130
2015/0xxx/CVE-2015-0951.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.x-cart.com/5-1-11-released.html",
"refsource" : "CONFIRM",
"url" : "https://blog.x-cart.com/5-1-11-released.html"
},
{
"name" : "VU#924124",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/924124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "X-Cart before 5.1.11 allows remote authenticated users to read or delete address data of arbitrary accounts via a modified (1) update or (2) remove request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blog.x-cart.com/5-1-11-released.html",
"refsource": "CONFIRM",
"url": "https://blog.x-cart.com/5-1-11-released.html"
},
{
"name": "VU#924124",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/924124"
}
]
}
}

150
2015/1xxx/CVE-2015-1087.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1087",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204661",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204661"
},
{
"name" : "APPLE-SA-2015-04-08-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name" : "73978",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73978"
},
{
"name" : "1032050",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Backup in Apple iOS before 8.3 allows attackers to read arbitrary files via a crafted relative path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73978"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}

34
2015/1xxx/CVE-2015-1991.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1991",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1991",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none."
}
]
}
}

180
2015/5xxx/CVE-2015-5273.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5273",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20151201 CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHEL",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/12/01/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1262252",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1262252"
},
{
"name" : "https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e",
"refsource" : "CONFIRM",
"url" : "https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "FEDORA-2015-79c1758468",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.html"
},
{
"name" : "RHSA-2015:2505",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
},
{
"name" : "78113",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/78113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The abrt-action-install-debuginfo-to-abrt-cache help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users to write to arbitrary files via a symlink attack on unpacked.cpio in a pre-created directory with a predictable name in /var/tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2505",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2505.html"
},
{
"name": "[oss-security] 20151201 CVE-2015-5273 + CVE-2015-5287, abrt local root in Centos/Fedora/RHEL",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/01/1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "78113",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78113"
},
{
"name": "https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e",
"refsource": "CONFIRM",
"url": "https://github.com/abrt/abrt/commit/50ee8130fb4cd4ef1af7682a2c85dd99cb99424e"
},
{
"name": "FEDORA-2015-79c1758468",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172809.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1262252",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1262252"
}
]
}
}

200
2015/5xxx/CVE-2015-5546.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "GLSA-201508-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201508-01"
},
{
"name" : "RHSA-2015:1603",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html"
},
{
"name" : "openSUSE-SU-2015:1781",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name" : "76283",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76283"
},
{
"name" : "1033235",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "76283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76283"
},
{
"name": "GLSA-201508-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201508-01"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "1033235",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033235"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name": "RHSA-2015:1603",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html"
}
]
}
}

140
2015/5xxx/CVE-2015-5738.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf",
"refsource" : "MISC",
"url" : "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf"
},
{
"name" : "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions",
"refsource" : "CONFIRM",
"url" : "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions"
},
{
"name" : "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RSA-CRT implementation in the Cavium Software Development Kit (SDK) 2.x, when used on OCTEON II CN6xxx Hardware on Linux to support TLS with Perfect Forward Secrecy (PFS), makes it easier for remote attackers to obtain private RSA keys by conducting a Lenstra side-channel attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf",
"refsource": "MISC",
"url": "https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf"
},
{
"name": "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html",
"refsource": "CONFIRM",
"url": "https://support.f5.com/kb/en-us/solutions/public/k/91/sol91245485.html"
},
{
"name": "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions",
"refsource": "CONFIRM",
"url": "http://fortiguard.com/advisory/rsa-crt-key-leak-under-certain-conditions"
}
]
}
}

34
2015/5xxx/CVE-2015-5972.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5972",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5972",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

120
2015/5xxx/CVE-2015-5994.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-5994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#630872",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/630872"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#630872",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/630872"
}
]
}
}

132
2018/11xxx/CVE-2018-11796.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-10-09T00:00:00",
"ID" : "CVE-2018-11796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Tika",
"version" : {
"version_data" : [
{
"version_value" : "Apache Tomcat 0.1 to 1.19"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-10-09T00:00:00",
"ID": "CVE-2018-11796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tika",
"version": {
"version_data": [
{
"version_value": "Apache Tomcat 0.1 to 1.19"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E",
"refsource" : "CONFIRM",
"url" : "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E"
},
{
"name" : "105585",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Tika 1.19 (CVE-2018-11761), we added an entity expansion limit for XML parsing. However, Tika reuses SAXParsers and calls reset() after each parse, which, for Xerces2 parsers, as per the documentation, removes the user-specified SecurityManager and thus removes entity expansion limits after the first parse. Apache Tika versions from 0.1 to 1.19 are therefore still vulnerable to entity expansions which can lead to a denial of service attack. Users should upgrade to 1.19.1 or later."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105585"
},
{
"name": "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E",
"refsource": "CONFIRM",
"url": "https://lists.apache.org/thread.html/88de8350cda9b184888ec294c813c5bd8a2081de8fd3666f8904bc05@%3Cdev.tika.apache.org%3E"
}
]
}
}

34
2018/3xxx/CVE-2018-3339.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3339",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3339",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/3xxx/CVE-2018-3570.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-07-05T00:00:00",
"ID" : "CVE-2018-3570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted Pointer Dereference in Core"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-07-05T00:00:00",
"ID": "CVE-2018-3570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-07-01#qualcomm-components",
"refsource" : "MISC",
"url" : "https://source.android.com/security/bulletin/pixel/2018-07-01#qualcomm-components"
},
{
"name" : "https://www.vulnerabilitycenter.com/#!vul=87349",
"refsource" : "MISC",
"url" : "https://www.vulnerabilitycenter.com/#!vul=87349"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the cpuidle driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, the list_for_each macro was not used correctly which could lead to an untrusted pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference in Core"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.vulnerabilitycenter.com/#!vul=87349",
"refsource": "MISC",
"url": "https://www.vulnerabilitycenter.com/#!vul=87349"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-07-01#qualcomm-components",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/pixel/2018-07-01#qualcomm-components"
}
]
}
}

142
2018/3xxx/CVE-2018-3953.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-10-16T00:00:00",
"ID" : "CVE-2018-3953",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ESeries E1200",
"version" : {
"version_data" : [
{
"version_value" : "Firmware Version 2.0.09"
}
]
}
},
{
"product_name" : "ESeries E2500",
"version" : {
"version_data" : [
{
"version_value" : "Firmware Version 3.0.04"
}
]
}
}
]
},
"vendor_name" : "Linksys"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESeries E1200",
"version": {
"version_data": [
{
"version_value": "Firmware Version 2.0.09"
}
]
}
},
{
"product_name": "ESeries E2500",
"version": {
"version_data": [
{
"version_value": "Firmware Version 3.0.04"
}
]
}
}
]
},
"vendor_name": "Linksys"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
]
}
}

172
2018/6xxx/CVE-2018-6038.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "64.0.3282.119"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Heap buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "64.0.3282.119"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name" : "https://crbug.com/774174",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/774174"
},
{
"name" : "DSA-4103",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4103"
},
{
"name" : "RHSA-2018:0265",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0265"
},
{
"name" : "102797",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102797"
},
{
"name" : "1040282",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap buffer overflow in WebGL in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Heap buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"
},
{
"name": "DSA-4103",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4103"
},
{
"name": "https://crbug.com/774174",
"refsource": "CONFIRM",
"url": "https://crbug.com/774174"
},
{
"name": "102797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102797"
},
{
"name": "1040282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040282"
},
{
"name": "RHSA-2018:0265",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0265"
}
]
}
}

120
2018/6xxx/CVE-2018-6584.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44108",
"refsource" : "EXPLOIT-DB",
"url" : "https://exploit-db.com/exploits/44108"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44108",
"refsource": "EXPLOIT-DB",
"url": "https://exploit-db.com/exploits/44108"
}
]
}
}

162
2018/6xxx/CVE-2018-6973.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@vmware.com",
"DATE_PUBLIC" : "2018-08-14T00:00:00",
"ID" : "CVE-2018-6973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Workstation",
"version" : {
"version_data" : [
{
"version_value" : "14.x before 14.1.3"
}
]
}
},
{
"product_name" : "Fusion",
"version" : {
"version_data" : [
{
"version_value" : "10.x before 10.1.3"
}
]
}
}
]
},
"vendor_name" : "VMware"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds write vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security@vmware.com",
"DATE_PUBLIC": "2018-08-14T00:00:00",
"ID": "CVE-2018-6973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Workstation",
"version": {
"version_data": [
{
"version_value": "14.x before 14.1.3"
}
]
}
},
{
"product_name": "Fusion",
"version": {
"version_data": [
{
"version_value": "10.x before 10.1.3"
}
]
}
}
]
},
"vendor_name": "VMware"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.vmware.com/security/advisories/VMSA-2018-0022.html",
"refsource" : "CONFIRM",
"url" : "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
},
{
"name" : "105094",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105094"
},
{
"name" : "1041491",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041491"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "VMware Workstation (14.x before 14.1.3) and Fusion (10.x before 10.1.3) contain an out-of-bounds write vulnerability in the e1000 device. This issue may allow a guest to execute code on the host."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-bounds write vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041491",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041491"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0022.html"
},
{
"name": "105094",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105094"
}
]
}
}

130
2018/7xxx/CVE-2018-7048.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2018-7048.txt",
"refsource" : "MISC",
"url" : "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2018-7048.txt"
},
{
"name" : "https://www.wowza.com/docs/wowza-streaming-engine-4-7-1-release-notes",
"refsource" : "MISC",
"url" : "https://www.wowza.com/docs/wowza-streaming-engine-4-7-1-release-notes"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Wowza Streaming Engine before 4.7.1. There is a denial of service (memory consumption) via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2018-7048.txt",
"refsource": "MISC",
"url": "https://raw.githubusercontent.com/WowzaMediaSystems/public_cve/master/wowza-streaming-engine/CVE-2018-7048.txt"
},
{
"name": "https://www.wowza.com/docs/wowza-streaming-engine-4-7-1-release-notes",
"refsource": "MISC",
"url": "https://www.wowza.com/docs/wowza-streaming-engine-4-7-1-release-notes"
}
]
}
}

34
2018/7xxx/CVE-2018-7343.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7343",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7343",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7978.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7978",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7978",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

140
2018/8xxx/CVE-2018-8305.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Mail, Calendar, and People in Windows 8.1 App Store",
"version" : {
"version_data" : [
{
"version_value" : "Mail, Calendar, and People in Windows 8.1 App Store"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka \"Windows Mail Client Information Disclosure Vulnerability.\" This affects Mail, Calendar, and People in Windows 8.1 App Store."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mail, Calendar, and People in Windows 8.1 App Store",
"version": {
"version_data": [
{
"version_value": "Mail, Calendar, and People in Windows 8.1 App Store"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305"
},
{
"name" : "104618",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104618"
},
{
"name" : "1041270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in Windows Mail Client when a message is opened, aka \"Windows Mail Client Information Disclosure Vulnerability.\" This affects Mail, Calendar, and People in Windows 8.1 App Store."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041270"
},
{
"name": "104618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104618"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8305"
}
]
}
}

312
2018/8xxx/CVE-2018-8619.json
View File

@ -1,158 +1,158 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8619",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Internet Explorer 9",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value" : "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name" : "Internet Explorer 11",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value" : "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value" : "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows 8.1 for 32-bit systems"
},
{
"version_value" : "Windows 8.1 for x64-based systems"
},
{
"version_value" : "Windows RT 8.1"
},
{
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows Server 2012 R2"
},
{
"version_value" : "Windows Server 2016"
},
{
"version_value" : "Windows Server 2019"
}
]
}
},
{
"product_name" : "Internet Explorer 10",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2012"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka \"Internet Explorer Remote Code Execution Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Internet Explorer 9",
"version": {
"version_data": [
{
"version_value": "Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "Windows Server 2008 for x64-based Systems Service Pack 2"
}
]
}
},
{
"product_name": "Internet Explorer 11",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows Server 2019"
}
]
}
},
{
"product_name": "Internet Explorer 10",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46023",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46023/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8619",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8619"
},
{
"name" : "106119",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka \"Internet Explorer Remote Code Execution Vulnerability.\" This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106119"
},
{
"name": "46023",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46023/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8619",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8619"
}
]
}
}

188
2018/8xxx/CVE-2018-8621.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8621",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8621",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8621"
},
{
"name" : "106085",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106085"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows Server 2012, Windows 7, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8622."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8621",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8621"
},
{
"name": "106085",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106085"
}
]
}
}