admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:56:10 +00:00
parent a14a757acd
commit 091351ed6a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 4244 additions and 4244 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2005/0xxx/CVE-2005-0570.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050224 Multiple vulns in punBB",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110927754230666&w=2"
},
{
"name" : "12652",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12652"
},
{
"name" : "14394",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14394"
},
{
"name" : "punbb-profile-dos(19483)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19483"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12652"
},
{
"name": "14394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14394"
},
{
"name": "20050224 Multiple vulns in punBB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110927754230666&w=2"
},
{
"name": "punbb-profile-dos(19483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19483"
}
]
}
}

158
2005/0xxx/CVE-2005-0598.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0598",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0598",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050224 ACNS Denial of Service and Default Admin Password Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml"
},
{
"name" : "VU#579240",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/579240"
},
{
"name" : "12648",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12648"
},
{
"name" : "14395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14395"
},
{
"name" : "cisco-realserver-realsubscriber-dos(19469)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19469"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RealServer RealSubscriber on Cisco devices running Application and Content Networking System (ACNS) 5.1 allow remote attackers to cause a denial of service (CPU consumption) via malformed packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12648"
},
{
"name": "cisco-realserver-realsubscriber-dos(19469)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19469"
},
{
"name": "20050224 ACNS Denial of Service and Default Admin Password Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050224-acnsdos.shtml"
},
{
"name": "14395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14395"
},
{
"name": "VU#579240",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/579240"
}
]
}
}

128
2005/0xxx/CVE-2005-0640.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0640",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the \"Change Credentials for Database\" window, which allows local users to recover the SQL Admin password via certain methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323",
"refsource" : "CONFIRM",
"url" : "http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323"
},
{
"name" : "14454",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14454"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the \"Change Credentials for Database\" window, which allows local users to recover the SQL Admin password via certain methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14454"
},
{
"name": "http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323",
"refsource": "CONFIRM",
"url": "http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=Qo64323"
}
]
}
}

218
2005/1xxx/CVE-2005-1234.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060725 PHP-Auction SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/441190/100/0/threaded"
},
{
"name" : "http://www.snkenjoi.com/secadv/secadv9.txt",
"refsource" : "MISC",
"url" : "http://www.snkenjoi.com/secadv/secadv9.txt"
},
{
"name" : "http://www.aria-security.net/advisory/phpauction.txt",
"refsource" : "MISC",
"url" : "http://www.aria-security.net/advisory/phpauction.txt"
},
{
"name" : "http://www.phpbb-auction.com/sutra5600.html",
"refsource" : "CONFIRM",
"url" : "http://www.phpbb-auction.com/sutra5600.html"
},
{
"name" : "13283",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13283"
},
{
"name" : "13284",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13284"
},
{
"name" : "15704",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15704"
},
{
"name" : "15705",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15705"
},
{
"name" : "1013779",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013779"
},
{
"name" : "15029",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15029"
},
{
"name" : "phpbb-auction-sql-injection(20203)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20203"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.snkenjoi.com/secadv/secadv9.txt",
"refsource": "MISC",
"url": "http://www.snkenjoi.com/secadv/secadv9.txt"
},
{
"name": "20060725 PHP-Auction SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/441190/100/0/threaded"
},
{
"name": "15704",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15704"
},
{
"name": "13283",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13283"
},
{
"name": "15705",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15705"
},
{
"name": "http://www.phpbb-auction.com/sutra5600.html",
"refsource": "CONFIRM",
"url": "http://www.phpbb-auction.com/sutra5600.html"
},
{
"name": "15029",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15029"
},
{
"name": "http://www.aria-security.net/advisory/phpauction.txt",
"refsource": "MISC",
"url": "http://www.aria-security.net/advisory/phpauction.txt"
},
{
"name": "1013779",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013779"
},
{
"name": "13284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13284"
},
{
"name": "phpbb-auction-sql-injection(20203)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20203"
}
]
}
}

138
2005/1xxx/CVE-2005-1369.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs \"alarms\" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associated store function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8"
},
{
"name" : "http://lkml.org/lkml/2005/4/20/159",
"refsource" : "CONFIRM",
"url" : "http://lkml.org/lkml/2005/4/20/159"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs \"alarms\" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associated store function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name": "http://lkml.org/lkml/2005/4/20/159",
"refsource": "CONFIRM",
"url": "http://lkml.org/lkml/2005/4/20/159"
}
]
}
}

118
2005/1xxx/CVE-2005-1568.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111592417803514&w=2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111592417803514&w=2"
}
]
}
}

198
2005/1xxx/CVE-2005-1589.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20050517 [PATCH] Fix root hole in pktcdvd",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=111630531515901&w=2"
},
{
"name" : "20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html"
},
{
"name" : "20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html"
},
{
"name" : "20050517 Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected]",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html"
},
{
"name" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10"
},
{
"name" : "MDKSA-2005:219",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"name" : "13651",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13651"
},
{
"name" : "ADV-2005-0557",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0557"
},
{
"name" : "17826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17826"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10",
"refsource": "CONFIRM",
"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10"
},
{
"name": "[linux-kernel] 20050517 [PATCH] Fix root hole in pktcdvd",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=111630531515901&w=2"
},
{
"name": "ADV-2005-0557",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0557"
},
{
"name": "20050516 Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0045.html"
},
{
"name": "13651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13651"
},
{
"name": "20050517 Re: Linux kernel pktcdvd and rawdevice ioctl break user space limit vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0046.html"
},
{
"name": "20050517 Linux kernel pktcdvd ioctl break user space limit vulnerability [corrected]",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0047.html"
},
{
"name": "17826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17826"
},
{
"name": "MDKSA-2005:219",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
}
]
}
}

158
2005/1xxx/CVE-2005-1595.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html"
},
{
"name" : "13560",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13560"
},
{
"name" : "16157",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16157"
},
{
"name" : "15251",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15251"
},
{
"name" : "1013924",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013924"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16157",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16157"
},
{
"name": "15251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15251"
},
{
"name": "1013924",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013924"
},
{
"name": "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html"
},
{
"name": "13560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13560"
}
]
}
}

158
2005/1xxx/CVE-2005-1951.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF (\"%0d%0a\") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050610 osCommere HTTP Response Splitting",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111842744205117&w=2"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00080-06102005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00080-06102005"
},
{
"name" : "20050616 RE: osCommere HTTP Response Splitting (Solution)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111936255011735&w=2"
},
{
"name" : "13979",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13979"
},
{
"name" : "15670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15670"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF (\"%0d%0a\") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050610 osCommere HTTP Response Splitting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111842744205117&w=2"
},
{
"name": "15670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15670"
},
{
"name": "20050616 RE: osCommere HTTP Response Splitting (Solution)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111936255011735&w=2"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00080-06102005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00080-06102005"
},
{
"name": "13979",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13979"
}
]
}
}

158
2005/3xxx/CVE-2005-3209.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3209",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051007 Aenovo Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112872593432359&w=2"
},
{
"name" : "http://www.kapda.ir/advisory-78.html",
"refsource" : "MISC",
"url" : "http://www.kapda.ir/advisory-78.html"
},
{
"name" : "19939",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19939"
},
{
"name" : "17117",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17117/"
},
{
"name" : "aenovo-password-information-disclosure(22549)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22549"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store password information in plaintext in the (a) control, (b) content, and (c) page tables, which allows attackers with database access to obtain those passwords and gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17117/"
},
{
"name": "20051007 Aenovo Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112872593432359&w=2"
},
{
"name": "aenovo-password-information-disclosure(22549)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22549"
},
{
"name": "http://www.kapda.ir/advisory-78.html",
"refsource": "MISC",
"url": "http://www.kapda.ir/advisory-78.html"
},
{
"name": "19939",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19939"
}
]
}
}

298
2005/3xxx/CVE-2005-3510.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3510",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
},
{
"name" : "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
},
{
"name" : "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
},
{
"name" : "http://tomcat.apache.org/security-4.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-4.html"
},
{
"name" : "http://tomcat.apache.org/security-5.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-5.html"
},
{
"name" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
"refsource" : "CONFIRM",
"url" : "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
},
{
"name" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
"refsource" : "CONFIRM",
"url" : "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
},
{
"name" : "RHSA-2006:0161",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
},
{
"name" : "RHSA-2008:0261",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name" : "239312",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
},
{
"name" : "15325",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15325"
},
{
"name" : "ADV-2008-1979",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/1979/references"
},
{
"name" : "ADV-2009-0233",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0233"
},
{
"name" : "20439",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20439"
},
{
"name" : "1015147",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015147"
},
{
"name" : "17416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17416"
},
{
"name" : "30908",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30908"
},
{
"name" : "30899",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30899"
},
{
"name" : "33668",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33668"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2006:0161",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0161.html"
},
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "30908",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30908"
},
{
"name": "17416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17416"
},
{
"name": "239312",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-239312-1"
},
{
"name": "20439",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20439"
},
{
"name": "30899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30899"
},
{
"name": "15325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15325"
},
{
"name": "ADV-2008-1979",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1979/references"
},
{
"name": "20090127 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities (Updated - v1.1)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500412/100/0/threaded"
},
{
"name": "33668",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33668"
},
{
"name": "20090124 CA20090123-01: Cohesion Tomcat Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500396/100/0/threaded"
},
{
"name": "20051104 Apache Tomcat 5.5.x remote Denial Of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415782/30/0/threaded"
},
{
"name": "ADV-2009-0233",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0233"
},
{
"name": "1015147",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015147"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx",
"refsource": "CONFIRM",
"url": "http://community.ca.com/blogs/casecurityresponseblog/archive/2009/01/23.aspx"
},
{
"name": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540",
"refsource": "CONFIRM",
"url": "http://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=197540"
}
]
}
}

218
2005/3xxx/CVE-2005-3808.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20051123 32bit integer overflow in invalidate_inode_pages2() (local DoS)",
"refsource" : "MLIST",
"url" : "http://seclists.org/lists/linux-kernel/2005/Nov/7839.html"
},
{
"name" : "http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406"
},
{
"name" : "FEDORA-2005-1138",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/advisories/9852"
},
{
"name" : "MDKSA-2006:018",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:018"
},
{
"name" : "SUSE-SA:2006:006",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_06_kernel.html"
},
{
"name" : "SUSE-SA:2006:012",
"refsource" : "SUSE",
"url" : "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html"
},
{
"name" : "USN-231-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/231-1/"
},
{
"name" : "15846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15846"
},
{
"name" : "18203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18203"
},
{
"name" : "18788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18788"
},
{
"name" : "19038",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19038"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18788"
},
{
"name": "http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/hg/linux-2.6/?cs=6d5ffbb49406"
},
{
"name": "19038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19038"
},
{
"name": "15846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15846"
},
{
"name": "18203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18203"
},
{
"name": "SUSE-SA:2006:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_06_kernel.html"
},
{
"name": "[linux-kernel] 20051123 32bit integer overflow in invalidate_inode_pages2() (local DoS)",
"refsource": "MLIST",
"url": "http://seclists.org/lists/linux-kernel/2005/Nov/7839.html"
},
{
"name": "SUSE-SA:2006:012",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html"
},
{
"name": "MDKSA-2006:018",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:018"
},
{
"name": "FEDORA-2005-1138",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/advisories/9852"
},
{
"name": "USN-231-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/231-1/"
}
]
}
}

168
2005/4xxx/CVE-2005-4197.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051212 SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419263/100/0/threaded"
},
{
"name" : "http://www.sec-consult.com/247.html",
"refsource" : "MISC",
"url" : "http://www.sec-consult.com/247.html"
},
{
"name" : "15798",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15798"
},
{
"name" : "ADV-2005-2845",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2845"
},
{
"name" : "1015341",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015341"
},
{
"name" : "17974",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17974"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015341",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015341"
},
{
"name": "http://www.sec-consult.com/247.html",
"refsource": "MISC",
"url": "http://www.sec-consult.com/247.html"
},
{
"name": "20051212 SEC Consult SA-20051211-0 :: Nortel SSL VPN Cross Site Scripting/Command Execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419263/100/0/threaded"
},
{
"name": "ADV-2005-2845",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2845"
},
{
"name": "17974",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17974"
},
{
"name": "15798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15798"
}
]
}
}

208
2005/4xxx/CVE-2005-4316.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a \"Rose Attack\" that involves sending a subset of small IP fragments that do not form a complete, larger packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040927 IPv4 fragmentation --> The Rose Attack",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/376490"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-062.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-062.htm"
},
{
"name" : "HPSBUX02087",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/419594/100/0/threaded"
},
{
"name" : "SSRT4728",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/419594/100/0/threaded"
},
{
"name" : "11258",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11258"
},
{
"name" : "oval:org.mitre.oval:def:5760",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5760"
},
{
"name" : "ADV-2005-2945",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2945"
},
{
"name" : "1015361",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015361"
},
{
"name" : "18082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18082/"
},
{
"name" : "19086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19086"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers to cause a denial of service via a \"Rose Attack\" that involves sending a subset of small IP fragments that do not form a complete, larger packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015361",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015361"
},
{
"name": "ADV-2005-2945",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2945"
},
{
"name": "SSRT4728",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/419594/100/0/threaded"
},
{
"name": "20040927 IPv4 fragmentation --> The Rose Attack",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/376490"
},
{
"name": "HPSBUX02087",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/419594/100/0/threaded"
},
{
"name": "19086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19086"
},
{
"name": "18082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18082/"
},
{
"name": "11258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11258"
},
{
"name": "oval:org.mitre.oval:def:5760",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5760"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-062.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-062.htm"
}
]
}
}

138
2005/4xxx/CVE-2005-4649.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051225 Advanced Guestbook remote XSS exploit",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1230.html"
},
{
"name" : "http://www.morx.org/guestbook.txt",
"refsource" : "MISC",
"url" : "http://www.morx.org/guestbook.txt"
},
{
"name" : "22188",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22188"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051225 Advanced Guestbook remote XSS exploit",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1230.html"
},
{
"name": "http://www.morx.org/guestbook.txt",
"refsource": "MISC",
"url": "http://www.morx.org/guestbook.txt"
},
{
"name": "22188",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22188"
}
]
}
}

188
2009/0xxx/CVE-2009-0009.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3438",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3438"
},
{
"name" : "APPLE-SA-2009-02-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name" : "33759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33759"
},
{
"name" : "51980",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51980"
},
{
"name" : "ADV-2009-0422",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name" : "1021718",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/alerts/2009/Feb/1021718.html"
},
{
"name" : "33937",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33937"
},
{
"name" : "macosx-pixlet-codec-code-execution(48713)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48713"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Pixlet codec in Apple Mac OS X 10.4.11 and 10.5.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted movie file that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33937"
},
{
"name": "33759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33759"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "macosx-pixlet-codec-code-execution(48713)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48713"
},
{
"name": "ADV-2009-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "51980",
"refsource": "OSVDB",
"url": "http://osvdb.org/51980"
},
{
"name": "1021718",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2009/Feb/1021718.html"
}
]
}
}

138
2009/0xxx/CVE-2009-0046.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2008-016.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2008-016.html"
},
{
"name" : "ADV-2009-0045",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0045"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090107 [oCERT-2008-016] Multiple OpenSSL signature verification API misuses",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499827/100/0/threaded"
},
{
"name": "ADV-2009-0045",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0045"
},
{
"name": "http://www.ocert.org/advisories/ocert-2008-016.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-016.html"
}
]
}
}

168
2009/1xxx/CVE-2009-1014.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name" : "TA09-105A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name" : "34461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34461"
},
{
"name" : "53757",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53757"
},
{
"name" : "1022057",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022057"
},
{
"name" : "34693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34693"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.19 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2009-1013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "53757",
"refsource": "OSVDB",
"url": "http://osvdb.org/53757"
},
{
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name": "1022057",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022057"
}
]
}
}

198
2009/1xxx/CVE-2009-1134.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka \"Record Pointer Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504213/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-040/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-040/"
},
{
"name" : "MS09-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name" : "TA09-160A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name" : "35246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35246"
},
{
"name" : "54958",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54958"
},
{
"name" : "oval:org.mitre.oval:def:5922",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922"
},
{
"name" : "1022351",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022351"
},
{
"name" : "ADV-2009-1540",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1540"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka \"Record Pointer Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35246"
},
{
"name": "20090610 ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504213/100/0/threaded"
},
{
"name": "ADV-2009-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "1022351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54958",
"refsource": "OSVDB",
"url": "http://osvdb.org/54958"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-040/"
},
{
"name": "oval:org.mitre.oval:def:5922",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5922"
}
]
}
}

158
2009/1xxx/CVE-2009-1520.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1520",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21384389",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21384389"
},
{
"name" : "IC59994",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IC59994"
},
{
"name" : "32604",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32604"
},
{
"name" : "ADV-2009-1235",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1235"
},
{
"name" : "ibm-tsm-webgui-bo(50328)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50328"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) client 5.1.0.0 through 5.1.8.2, 5.2.0.0 through 5.2.5.3, 5.3.0.0 through 5.3.6.4, 5.4.0.0 through 5.4.2.6, and 5.5.0.0 through 5.5.1.17 allows attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-tsm-webgui-bo(50328)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50328"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21384389",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21384389"
},
{
"name": "IC59994",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IC59994"
},
{
"name": "ADV-2009-1235",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1235"
},
{
"name": "32604",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32604"
}
]
}
}

238
2009/1xxx/CVE-2009-1603.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090508 OpenSC 0.11.8 released with security update",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/05/08/1"
},
{
"name" : "[opensc-announce] 20090508 OpenSC 0.11.8 released with security update",
"refsource" : "MLIST",
"url" : "http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html"
},
{
"name" : "FEDORA-2009-4883",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html"
},
{
"name" : "FEDORA-2009-4919",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html"
},
{
"name" : "FEDORA-2009-4928",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html"
},
{
"name" : "FEDORA-2009-4967",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html"
},
{
"name" : "GLSA-200908-01",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200908-01.xml"
},
{
"name" : "MDVSA-2009:123",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:123"
},
{
"name" : "35035",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35035"
},
{
"name" : "35293",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35293"
},
{
"name" : "35309",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35309"
},
{
"name" : "36074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36074"
},
{
"name" : "ADV-2009-1295",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1295"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used with unspecified third-party PKCS#11 modules, generates RSA keys with incorrect public exponents, which allows attackers to read the cleartext form of messages that were intended to be encrypted."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1295",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1295"
},
{
"name": "35293",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35293"
},
{
"name": "FEDORA-2009-4919",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01420.html"
},
{
"name": "[oss-security] 20090508 OpenSC 0.11.8 released with security update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/08/1"
},
{
"name": "FEDORA-2009-4967",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00097.html"
},
{
"name": "FEDORA-2009-4928",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00095.html"
},
{
"name": "36074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36074"
},
{
"name": "MDVSA-2009:123",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:123"
},
{
"name": "FEDORA-2009-4883",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01432.html"
},
{
"name": "35035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35035"
},
{
"name": "[opensc-announce] 20090508 OpenSC 0.11.8 released with security update",
"refsource": "MLIST",
"url": "http://www.opensc-project.org/pipermail/opensc-announce/2009-May/000025.html"
},
{
"name": "GLSA-200908-01",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200908-01.xml"
},
{
"name": "35309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35309"
}
]
}
}

248
2009/1xxx/CVE-2009-1702.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1702",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1702",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3613",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3613"
},
{
"name" : "http://support.apple.com/kb/HT3639",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3639"
},
{
"name" : "APPLE-SA-2009-06-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name" : "APPLE-SA-2009-06-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "35260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35260"
},
{
"name" : "35327",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35327"
},
{
"name" : "54993",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54993"
},
{
"name" : "1022344",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022344"
},
{
"name" : "35379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35379"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2009-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name" : "ADV-2009-1621",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to improper handling of Location and History objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022344",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022344"
},
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "54993",
"refsource": "OSVDB",
"url": "http://osvdb.org/54993"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "35327",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35327"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
}
]
}
}

148
2009/4xxx/CVE-2009-4109.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4109",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4109",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx",
"refsource" : "CONFIRM",
"url" : "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx"
},
{
"name" : "37139",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37139"
},
{
"name" : "60520",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/60520"
},
{
"name" : "37480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37480"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent anonymous users from accessing functionality related to determination of the need for an upgrade, which allows remote attackers to access version information and possibly other sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37480"
},
{
"name": "37139",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37139"
},
{
"name": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx",
"refsource": "CONFIRM",
"url": "http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx"
},
{
"name": "60520",
"refsource": "OSVDB",
"url": "http://osvdb.org/60520"
}
]
}
}

178
2009/4xxx/CVE-2009-4452.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4452",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508508/100/0/threaded"
},
{
"name" : "10484",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10484"
},
{
"name" : "1023366",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023366"
},
{
"name" : "1023367",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023367"
},
{
"name" : "37398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37398"
},
{
"name" : "37730",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37730"
},
{
"name" : "ADV-2009-3573",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3573"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; Anti-Virus 6.0 (6.0.3.837), 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); and Internet Security 7 (7.0.1.325), 2009 (8.0.0.x), and 2010 (9.0.0.463); use weak permissions (Everyone:Full Control) for the BASES directory, which allows local users to gain SYSTEM privileges by replacing an executable or DLL with a Trojan horse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3573",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3573"
},
{
"name": "1023366",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023366"
},
{
"name": "37730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37730"
},
{
"name": "20091216 Kaspersky Lab Multiple Products Local Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508508/100/0/threaded"
},
{
"name": "10484",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10484"
},
{
"name": "37398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37398"
},
{
"name": "1023367",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023367"
}
]
}
}

158
2009/4xxx/CVE-2009-4713.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4713",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9261",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9261"
},
{
"name" : "35820",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35820"
},
{
"name" : "56596",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56596"
},
{
"name" : "56597",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56597"
},
{
"name" : "35966",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35966"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to inject arbitrary web script or HTML via (1) the cod_categoria parameter to categoria.php, (2) the opcao parameter to index.php, and the PATH_INFO to (3) categoria.php and (4) index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56596",
"refsource": "OSVDB",
"url": "http://osvdb.org/56596"
},
{
"name": "35820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35820"
},
{
"name": "9261",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9261"
},
{
"name": "35966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35966"
},
{
"name": "56597",
"refsource": "OSVDB",
"url": "http://osvdb.org/56597"
}
]
}
}

148
2009/4xxx/CVE-2009-4876.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4876",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9203",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9203"
},
{
"name" : "56008",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56008"
},
{
"name" : "35891",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35891"
},
{
"name" : "netrixcms-cikkform-security-bypass(51846)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51846"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify arbitrary pages via a direct request using the cid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56008",
"refsource": "OSVDB",
"url": "http://osvdb.org/56008"
},
{
"name": "9203",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9203"
},
{
"name": "35891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35891"
},
{
"name": "netrixcms-cikkform-security-bypass(51846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51846"
}
]
}
}

148
2009/4xxx/CVE-2009-4893.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name" : "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt",
"refsource" : "CONFIRM",
"url" : "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
},
{
"name" : "GLSA-201006-21",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name" : "42077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/42077"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when allow::options::noident is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201006-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201006-21.xml"
},
{
"name": "[oss-security] 20100614 Re: CVE request: UnrealIRCd 3.2.8.1 source code contained a backdoor allowing for remote command execution",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/06/14/13"
},
{
"name": "42077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/42077"
},
{
"name": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt",
"refsource": "CONFIRM",
"url": "http://www.unrealircd.com/txt/unrealsecadvisory.20090413.txt"
}
]
}
}

138
2012/2xxx/CVE-2012-2190.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2190",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21606096",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21606096"
},
{
"name" : "PM66218",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66218"
},
{
"name" : "ibm-multiple-gskit-hello-dos(75994)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75994"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.4, and 8.5.x before 8.5.0.1, allows remote attackers to cause a denial of service (daemon crash) via a crafted ClientHello message in the TLS Handshake Protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ibm-multiple-gskit-hello-dos(75994)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75994"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21606096",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21606096"
},
{
"name": "PM66218",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM66218"
}
]
}
}

32
2012/2xxx/CVE-2012-2434.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2434",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2434",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

218
2012/2xxx/CVE-2012-2655.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.postgresql.org/about/news/1398/",
"refsource" : "CONFIRM",
"url" : "http://www.postgresql.org/about/news/1398/"
},
{
"name" : "DSA-2491",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2491"
},
{
"name" : "FEDORA-2012-8893",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
},
{
"name" : "FEDORA-2012-8915",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
},
{
"name" : "FEDORA-2012-8924",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
},
{
"name" : "MDVSA-2012:092",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"name" : "RHSA-2012:1037",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
},
{
"name" : "openSUSE-SU-2012:1299",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
},
{
"name" : "openSUSE-SU-2012:1251",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name" : "openSUSE-SU-2012:1288",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name" : "50718",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50718"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.postgresql.org/about/news/1398/",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news/1398/"
},
{
"name": "50718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50718"
},
{
"name": "FEDORA-2012-8924",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082292.html"
},
{
"name": "FEDORA-2012-8893",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082258.html"
},
{
"name": "DSA-2491",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2491"
},
{
"name": "RHSA-2012:1037",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1037.html"
},
{
"name": "FEDORA-2012-8915",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082294.html"
},
{
"name": "MDVSA-2012:092",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:092"
},
{
"name": "openSUSE-SU-2012:1251",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html"
},
{
"name": "openSUSE-SU-2012:1288",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html"
},
{
"name": "openSUSE-SU-2012:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html"
}
]
}
}

178
2012/6xxx/CVE-2012-6137.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=885130",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=885130"
},
{
"name" : "RHSA-2013:0788",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0788.html"
},
{
"name" : "59674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/59674"
},
{
"name" : "93058",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/93058"
},
{
"name" : "1028520",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1028520"
},
{
"name" : "53330",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/53330"
},
{
"name" : "redhat-ssl-cve20126137-sec-bypass(84020)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84020"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does not verify the Red Hat Network Classic server's X.509 certificate when migrating to a Certificate-based Red Hat Network, which allows remote man-in-the-middle attackers to obtain sensitive information such as user credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59674"
},
{
"name": "93058",
"refsource": "OSVDB",
"url": "http://osvdb.org/93058"
},
{
"name": "1028520",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1028520"
},
{
"name": "53330",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/53330"
},
{
"name": "redhat-ssl-cve20126137-sec-bypass(84020)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84020"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=885130",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=885130"
},
{
"name": "RHSA-2013:0788",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0788.html"
}
]
}
}

32
2012/6xxx/CVE-2012-6185.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6185",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6185",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

118
2012/6xxx/CVE-2012-6502.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\\\127.0.0.1\\C$\\ sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.nsfocus.com/en/2012/advisories_1228/119.html",
"refsource" : "MISC",
"url" : "http://www.nsfocus.com/en/2012/advisories_1228/119.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer before 10 allows remote attackers to obtain sensitive information about the existence of files, and read certain data from files, via a UNC share pathname in the SRC attribute of a SCRIPT element, as demonstrated by reading a name-value pair from a local file via a \\\\127.0.0.1\\C$\\ sequence."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.nsfocus.com/en/2012/advisories_1228/119.html",
"refsource": "MISC",
"url": "http://www.nsfocus.com/en/2012/advisories_1228/119.html"
}
]
}
}

118
2015/1xxx/CVE-2015-1522.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0",
"refsource" : "CONFIRM",
"url" : "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject certain non-zero values of a packet length, which allows remote attackers to cause a denial of service (buffer overflow or buffer over-read) via a crafted DNP3 packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0",
"refsource": "CONFIRM",
"url": "https://github.com/bro/bro/commit/6cedd67c381ff22fde653adf02ee31caf66c81a0"
}
]
}
}

178
2015/1xxx/CVE-2015-1935.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902661",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902661"
},
{
"name" : "IT08543",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543"
},
{
"name" : "IT08656",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656"
},
{
"name" : "IT08667",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667"
},
{
"name" : "IT08668",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668"
},
{
"name" : "75908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75908"
},
{
"name" : "1033063",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033063"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75908"
},
{
"name": "IT08543",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08543"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902661"
},
{
"name": "1033063",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033063"
},
{
"name": "IT08656",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08656"
},
{
"name": "IT08668",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08668"
},
{
"name": "IT08667",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08667"
}
]
}
}

32
2015/5xxx/CVE-2015-5028.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5028",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5028",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2015/5xxx/CVE-2015-5150.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5150",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5150",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37322",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37322/"
},
{
"name" : "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html"
},
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=1501",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=1501"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37322",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37322/"
},
{
"name": "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=1501",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=1501"
}
]
}
}

128
2015/5xxx/CVE-2015-5406.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893"
},
{
"name" : "76359",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76359"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView Revenue Leakage Control 4.1, 4.2, and 4.3; CentralView Dealer Performance Audit 2.0 and 2.1; CentralView Credit Risk Control 2.1, 2.2, and 2.3; CentralView Roaming Fraud Control 2.1, 2.2, and 2.3; and CentralView Subscription Fraud Prevention 2.0 and 2.1 allow remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-5407 and CVE-2015-5408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04751893"
},
{
"name": "76359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76359"
}
]
}
}

138
2015/5xxx/CVE-2015-5698.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02"
},
{
"name" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf"
},
{
"name" : "1033419",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033419"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033419",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033419"
},
{
"name": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-134003.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-239-02"
}
]
}
}

32
2018/11xxx/CVE-2018-11216.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11216",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11216",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/11xxx/CVE-2018-11695.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sass/libsass/issues/2664",
"refsource" : "MISC",
"url" : "https://github.com/sass/libsass/issues/2664"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in LibSass through 3.5.2. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sass/libsass/issues/2664",
"refsource": "MISC",
"url": "https://github.com/sass/libsass/issues/2664"
}
]
}
}

148
2018/11xxx/CVE-2018-11906.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=1dffcbf6fea3667a9a19dad70ddba12eff5ccbfb",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=1dffcbf6fea3667a9a19dad70ddba12eff5ccbfb"
},
{
"name" : "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=0eeb4558d541fac40b486a224eb6c601b64115a1",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=0eeb4558d541fac40b486a224eb6c601b64115a1"
},
{
"name" : "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=fba5fe2ff19998db42acd4c39a6b02246e13bee0",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=fba5fe2ff19998db42acd4c39a6b02246e13bee0"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a security concern with default privileged access to ADB and debug-fs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=fba5fe2ff19998db42acd4c39a6b02246e13bee0",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=fba5fe2ff19998db42acd4c39a6b02246e13bee0"
},
{
"name": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=1dffcbf6fea3667a9a19dad70ddba12eff5ccbfb",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=1dffcbf6fea3667a9a19dad70ddba12eff5ccbfb"
},
{
"name": "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=0eeb4558d541fac40b486a224eb6c601b64115a1",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/le/qti-conf/commit/?id=0eeb4558d541fac40b486a224eb6c601b64115a1"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}

148
2018/11xxx/CVE-2018-11919.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=085e7272b4c5a41b1ab26c683591864aefab14fe",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=085e7272b4c5a41b1ab26c683591864aefab14fe"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=87925782e640efb493f21bf0e255b6a638eea334",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=87925782e640efb493f21bf0e255b6a638eea334"
},
{
"name" : "https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=456a408d62cef797107e3b0de7d05bb211742bbd",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=456a408d62cef797107e3b0de7d05bb211742bbd"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, there is a potential heap overflow and memory corruption due to improper error handling in SOC infrastructure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=456a408d62cef797107e3b0de7d05bb211742bbd",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/qsdk/oss/kernel/linux-msm/commit/?id=456a408d62cef797107e3b0de7d05bb211742bbd"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=085e7272b4c5a41b1ab26c683591864aefab14fe",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=085e7272b4c5a41b1ab26c683591864aefab14fe"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=87925782e640efb493f21bf0e255b6a638eea334",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=87925782e640efb493f21bf0e255b6a638eea334"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}

32
2018/15xxx/CVE-2018-15648.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15648",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15648",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/3xxx/CVE-2018-3612.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2018-3612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel NUC kits with insufficient input validation in system firmware, potentially allows a local attacker to elevate privileges to System Management Mode (SMM)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00110.html"
}
]
}
}

118
2018/7xxx/CVE-2018-7649.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Monitorix before 3.10.1 allows XSS via CGI variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.monitorix.org/changelog.html",
"refsource" : "CONFIRM",
"url" : "http://www.monitorix.org/changelog.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Monitorix before 3.10.1 allows XSS via CGI variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.monitorix.org/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.monitorix.org/changelog.html"
}
]
}
}

138
2018/7xxx/CVE-2018-7701.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44285",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44285/"
},
{
"name" : "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/29"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/29"
},
{
"name": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html"
},
{
"name": "44285",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44285/"
}
]
}
}

376
2018/8xxx/CVE-2018-8251.json
View File

@ -1,191 +1,191 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \"Media Foundation Memory Corruption Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251"
},
{
"name" : "104398",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104398"
},
{
"name" : "1041103",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041103"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka \"Media Foundation Memory Corruption Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8251"
},
{
"name": "1041103",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041103"
},
{
"name": "104398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104398"
}
]
}
}

426
2018/8xxx/CVE-2018-8443.json
View File

@ -1,216 +1,216 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8443",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8443"
},
{
"name" : "105228",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105228"
},
{
"name" : "1041635",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041635"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8336, CVE-2018-8419, CVE-2018-8442, CVE-2018-8445, CVE-2018-8446."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105228",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105228"
},
{
"name": "1041635",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041635"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8443",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8443"
}
]
}
}

560
2018/8xxx/CVE-2018-8540.json
View File

@ -1,283 +1,283 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft .NET Framework",
"version" : {
"version_data" : [
{
"version_value" : "3.5 on Windows 10 for 32-bit Systems"
},
{
"version_value" : "3.5 on Windows 10 for x64-based Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "3.5 on Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value" : "3.5 on Windows 8.1 for 32-bit systems"
},
{
"version_value" : "3.5 on Windows 8.1 for x64-based systems"
},
{
"version_value" : "3.5 on Windows Server 2012"
},
{
"version_value" : "3.5 on Windows Server 2012 (Server Core installation)"
},
{
"version_value" : "3.5 on Windows Server 2012 R2"
},
{
"version_value" : "3.5 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value" : "3.5 on Windows Server 2016"
},
{
"version_value" : "3.5 on Windows Server 2016 (Server Core installation)"
},
{
"version_value" : "3.5 on Windows Server 2019"
},
{
"version_value" : "3.5 on Windows Server 2019 (Server Core installation)"
},
{
"version_value" : "3.5 on Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value" : "3.5 on Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value" : "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value" : "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value" : "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value" : "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value" : "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value" : "4.5.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value" : "4.5.2 on Windows 8.1 for x64-based systems"
},
{
"version_value" : "4.5.2 on Windows RT 8.1"
},
{
"version_value" : "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value" : "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value" : "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value" : "4.5.2 on Windows Server 2012"
},
{
"version_value" : "4.5.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value" : "4.5.2 on Windows Server 2012 R2"
},
{
"version_value" : "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value" : "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value" : "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value" : "4.6.2 on Windows 10 for 32-bit Systems"
},
{
"version_value" : "4.6.2 on Windows 10 for x64-based Systems"
},
{
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
},
{
"version_value" : "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
},
{
"version_value" : "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value" : "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value" : "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "4.7.2 on Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "4.7.2 on Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value" : "4.7.2 on Windows Server 2019"
},
{
"version_value" : "4.7.2 on Windows Server 2019 (Server Core installation)"
},
{
"version_value" : "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \".NET Framework Remote Code Injection Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft .NET Framework",
"version": {
"version_data": [
{
"version_value": "3.5 on Windows 10 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "3.5 on Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "3.5 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "3.5 on Windows 8.1 for x64-based systems"
},
{
"version_value": "3.5 on Windows Server 2012"
},
{
"version_value": "3.5 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2012 R2"
},
{
"version_value": "3.5 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2016"
},
{
"version_value": "3.5 on Windows Server 2016 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server 2019"
},
{
"version_value": "3.5 on Windows Server 2019 (Server Core installation)"
},
{
"version_value": "3.5 on Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value": "3.5 on Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "3.5.1 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "4.5.2 on Windows 8.1 for x64-based systems"
},
{
"version_value": "4.5.2 on Windows RT 8.1"
},
{
"version_value": "4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows Server 2012"
},
{
"version_value": "4.5.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "4.5.2 on Windows Server 2012 R2"
},
{
"version_value": "4.5.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2"
},
{
"version_value": "4.6 on Windows Server 2008 for x64-based Systems Service Pack 2"
},
{
"version_value": "4.6.2 on Windows 10 for 32-bit Systems"
},
{
"version_value": "4.6.2 on Windows 10 for x64-based Systems"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016"
},
{
"version_value": "4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2"
},
{
"version_value": "4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)"
},
{
"version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation)"
},
{
"version_value": "4.7.2 on Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "4.7.2 on Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "4.7.2 on Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "4.7.2 on Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "4.7.2 on Windows Server 2019"
},
{
"version_value": "4.7.2 on Windows Server 2019 (Server Core installation)"
},
{
"version_value": "4.7.2 on Windows Server, version 1803 (Server Core Installation)"
},
{
"version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540"
},
{
"name" : "106073",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106073"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \".NET Framework Remote Code Injection Vulnerability.\" This affects Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.7.1/4.7.2, Microsoft .NET Framework 4.7.2, Microsoft .NET Framework 4.6.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8540"
},
{
"name": "106073",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106073"
}
]
}
}