"-Synchronized-Data."

CVE Team 2019-03-18 00:04:41 +00:00
parent fa928aafc7
commit 0ba68b87bf
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4062 additions and 4062 deletions


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS99-059",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-059"
},
{
"name" : "Q248749",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248749"
},
{
"name" : "817",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS99-059",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-059"
},
{
"name": "817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/817"
},
{
"name": "Q248749",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248749"
}
]
}
}
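Review bot: The `reference_data` array for CVE-1999-0999 is reordered with no entry added or removed (the MSKB `Q248749` entry moves behind BID `817`), and the new order follows no visible sort key, so beyond the `" : "` to `": "` key-spacing change this section is churn only. The same reorder-only pattern appears in the CVE-1999-1133, CVE-1999-1185, CVE-1999-1224, CVE-2000-0257, CVE-2000-0485, CVE-2000-0816 and CVE-2000-1061 sections, while CVE-1999-1441 and CVE-2000-0030 keep their order. If the generator can emit references in a stable order (for example sorted by `refsource`, then `name`), later sync commits would show only real record changes, which matters to anyone diffing or hashing these files to detect edits to a CVE entry. Consumers should in any case treat `reference_data` as an unordered set.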


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1133",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX9709-069",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=87602880019776&w=2"
},
{
"name" : "hp-vue-dt(499)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/499"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via (1) vuefile, (2) vuepad, (3) dtfile, or (4) dtpad, which do not authenticate users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "hp-vue-dt(499)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/499"
},
{
"name": "HPSBUX9709-069",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=87602880019776&w=2"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1185",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1185",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980926 Root exploit for SCO OpenServer.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=90686250717719&w=2"
},
{
"name" : "sco-openserver-mscreen-bo(1379)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1379"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sco-openserver-mscreen-bo(1379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1379"
},
{
"name": "19980926 Root exploit for SCO OpenServer.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90686250717719&w=2"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19971008 L0pht Advisory: IMAP4rev1 imapd server",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87635124302928&w=2"
},
{
"name" : "imapd-core(349)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/349"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "imapd-core(349)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/349"
},
{
"name": "19971008 L0pht Advisory: IMAP4rev1 imapd server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87635124302928&w=2"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980630 Serious Linux 2.0.34 security problem",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=90221103126047&w=2"
},
{
"name" : "111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/111"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux 2.0.34 does not properly prevent users from sending SIGIO signals to arbitrary processes, which allows local users to cause a denial of service by sending SIGIO to processes that do not catch it."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980630 Serious Linux 2.0.34 security problem",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90221103126047&w=2"
},
{
"name": "111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/111"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "878",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "878",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/878"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl"
},
{
"name" : "1118",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1118"
},
{
"name": "20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0485",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the \"DTS Password\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000530 Fw: Steal Passwords Using SQL Server EM",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/62771"
},
{
"name" : "MS00-041",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041"
},
{
"name" : "1292",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1292"
},
{
"name" : "mssql-dts-reveal-passwords(4582)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4582"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the \"DTS Password\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mssql-dts-reveal-passwords(4582)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4582"
},
{
"name": "1292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1292"
},
{
"name": "MS00-041",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041"
},
{
"name": "20000530 Fw: Steal Passwords Using SQL Server EM",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/62771"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0816",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0816",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001006 Insecure call of external programs in Red Hat Linux tmpwatch",
"refsource" : "ISS",
"url" : "http://xforce.iss.net/alerts/advise64.php"
},
{
"name" : "RHSA-2000:080",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2000-080.html"
},
{
"name" : "MDKSA-2000:056",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1"
},
{
"name" : "1785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1785"
},
{
"name" : "linux-tmpwatch-fuser(5320)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5320"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2000:056",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1"
},
{
"name": "RHSA-2000:080",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-080.html"
},
{
"name": "linux-tmpwatch-fuser(5320)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5320"
},
{
"name": "20001006 Insecure call of external programs in Red Hat Linux tmpwatch",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise64.php"
},
{
"name": "1785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1785"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS00-075",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075"
},
{
"name" : "java-vm-applet(5127)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the \"Microsoft VM ActiveX Component\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "java-vm-applet(5127)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5127"
},
{
"name": "MS00-075",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2016",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2016",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,347 +1,347 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm"
},
{
"name" : "APPLE-SA-2005-11-29",
"refsource" : "APPLE",
"url" : "http://docs.info.apple.com/article.html?artnum=302847"
},
{
"name" : "DSA-800",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-800"
},
{
"name" : "DSA-817",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-817"
},
{
"name" : "DSA-819",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-819"
},
{
"name" : "DSA-821",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-821"
},
{
"name" : "FLSA:168516",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427046/100/0/threaded"
},
{
"name" : "GLSA-200509-02",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml"
},
{
"name" : "GLSA-200508-17",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml"
},
{
"name" : "GLSA-200509-08",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml"
},
{
"name" : "GLSA-200509-12",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml"
},
{
"name" : "GLSA-200509-19",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml"
},
{
"name" : "HPSBUX02074",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"name" : "SSRT051251",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"name" : "HPSBMA02159",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"name" : "SSRT061238",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"name" : "HPSBOV02683",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "SSRT090208",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "RHSA-2005:761",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-761.html"
},
{
"name" : "RHSA-2006:0197",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0197.html"
},
{
"name" : "OpenPKG-SA-2005.018",
"refsource" : "OPENPKG",
"url" : "http://marc.info/?l=bugtraq&m=112606064317223&w=2"
},
{
"name" : "RHSA-2005:358",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-358.html"
},
{
"name" : "SCOSA-2006.10",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"name" : "20060401-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name" : "102198",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1"
},
{
"name" : "SUSE-SA:2005:051",
"refsource" : "SUSE",
"url" : "http://marc.info/?l=bugtraq&m=112605112027335&w=2"
},
{
"name" : "SUSE-SA:2005:048",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_48_pcre.html"
},
{
"name" : "SUSE-SA:2005:049",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_49_php.html"
},
{
"name" : "SUSE-SA:2005:052",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_52_apache2.html"
},
{
"name" : "TSLSA-2005-0059",
"refsource" : "TRUSTIX",
"url" : "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html"
},
{
"name" : "http://www.php.net/release_4_4_1.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/release_4_4_1.php"
},
{
"name" : "14620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14620"
},
{
"name" : "15647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15647"
},
{
"name" : "oval:org.mitre.oval:def:11516",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516"
},
{
"name" : "ADV-2005-1511",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1511"
},
{
"name" : "ADV-2005-2659",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2659"
},
{
"name" : "ADV-2006-0789",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0789"
},
{
"name" : "ADV-2006-4320",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4320"
},
{
"name" : "ADV-2006-4502",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name" : "oval:org.mitre.oval:def:735",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735"
},
{
"name" : "oval:org.mitre.oval:def:1496",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496"
},
{
"name" : "oval:org.mitre.oval:def:1659",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659"
},
{
"name" : "1014744",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014744"
},
{
"name" : "17813",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17813"
},
{
"name" : "16502",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16502"
},
{
"name" : "16679",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16679"
},
{
"name" : "19072",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19072"
},
{
"name" : "19193",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19193"
},
{
"name" : "17252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17252"
},
{
"name" : "19532",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19532"
},
{
"name" : "21522",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21522"
},
{
"name" : "22691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22691"
},
{
"name" : "22875",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22875"
},
{
"name" : "604",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "OpenPKG-SA-2005.018",
"refsource": "OPENPKG",
"url": "http://marc.info/?l=bugtraq&m=112606064317223&w=2"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-216.pdf"
},
{
"name": "22691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22691"
},
{
"name": "17813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17813"
},
{
"name": "ADV-2006-4502",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4502"
},
{
"name": "GLSA-200509-08",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-08.xml"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"name": "20060401-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U"
},
{
"name": "14620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14620"
},
{
"name": "ADV-2005-2659",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2659"
},
{
"name": "FLSA:168516",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427046/100/0/threaded"
},
{
"name": "GLSA-200509-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-02.xml"
},
{
"name": "TSLSA-2005-0059",
"refsource": "TRUSTIX",
"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"name": "22875",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22875"
},
{
"name": "SSRT061238",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"name": "SSRT090208",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name": "HPSBMA02159",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522"
},
{
"name": "oval:org.mitre.oval:def:1659",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1659"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00021.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html"
},
{
"name": "SUSE-SA:2005:051",
"refsource": "SUSE",
"url": "http://marc.info/?l=bugtraq&m=112605112027335&w=2"
},
{
"name": "16502",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16502"
},
{
"name": "SSRT051251",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"name": "21522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21522"
},
{
"name": "16679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16679"
},
{
"name": "DSA-817",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-817"
},
{
"name": "GLSA-200508-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200508-17.xml"
},
{
"name": "ADV-2005-1511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1511"
},
{
"name": "604",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/604"
},
{
"name": "1014744",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014744"
},
{
"name": "HPSBUX02074",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/428138/100/0/threaded"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-223.pdf"
},
{
"name": "APPLE-SA-2005-11-29",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=302847"
},
{
"name": "RHSA-2005:761",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-761.html"
},
{
"name": "SUSE-SA:2005:049",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_49_php.html"
},
{
"name": "DSA-819",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-819"
},
{
"name": "ADV-2006-4320",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4320"
},
{
"name": "RHSA-2005:358",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-358.html"
},
{
"name": "oval:org.mitre.oval:def:1496",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1496"
},
{
"name": "DSA-821",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-821"
},
{
"name": "HPSBOV02683",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name": "19072",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19072"
},
{
"name": "19532",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19532"
},
{
"name": "http://www.php.net/release_4_4_1.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/release_4_4_1.php"
},
{
"name": "GLSA-200509-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-19.xml"
},
{
"name": "oval:org.mitre.oval:def:11516",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11516"
},
{
"name": "17252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17252"
},
{
"name": "GLSA-200509-12",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-12.xml"
},
{
"name": "SUSE-SA:2005:052",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_52_apache2.html"
},
{
"name": "oval:org.mitre.oval:def:735",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A735"
},
{
"name": "15647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15647"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-159.htm"
},
{
"name": "DSA-800",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-800"
},
{
"name": "19193",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19193"
},
{
"name": "SCOSA-2006.10",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt"
},
{
"name": "102198",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1"
},
{
"name": "SUSE-SA:2005:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_48_pcre.html"
},
{
"name": "RHSA-2006:0197",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0197.html"
},
{
"name": "ADV-2006-0789",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0789"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050822 SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112474427221031&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php. NOTE: if a PHPKit administrator must already have access to the end system to install or modify configuration of the product, then this issue might not cross privilege boundaries, and should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050822 SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112474427221031&w=2"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2793",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112542447219235&w=2"
},
{
"name" : "http://www.rgod.altervista.org/phpldap.html",
"refsource" : "MISC",
"url" : "http://www.rgod.altervista.org/phpldap.html"
},
{
"name" : "14695",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14695"
},
{
"name" : "16617",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16617/"
},
{
"name" : "phpldapadmin-welcome-file-include(22103)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16617/"
},
{
"name": "phpldapadmin-welcome-file-include(22103)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22103"
},
{
"name": "20050829 phpLDAPadmin 0.9.6 - 0.9.7/alpha5 (possibly prior versions)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112542447219235&w=2"
},
{
"name": "14695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14695"
},
{
"name": "http://www.rgod.altervista.org/phpldap.html",
"refsource": "MISC",
"url": "http://www.rgod.altervista.org/phpldap.html"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name" : "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h",
"refsource" : "CONFIRM",
"url" : "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h"
},
{
"name" : "DSA-914",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-914"
},
{
"name" : "GLSA-200511-20",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name" : "ADV-2005-2403",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name" : "15409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15409"
},
{
"name" : "17468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17468"
},
{
"name" : "17702",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17702"
},
{
"name" : "17794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17794"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified cross-site scripting (XSS) vulnerability in Horde before 2.2.9 allows remote attackers to inject arbitrary web script or HTML via \"not properly escaped error messages\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15409"
},
{
"name": "[Horde-announce] 20051113 Horde 2.2.9 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2005/000231.html"
},
{
"name": "17468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17468"
},
{
"name": "GLSA-200511-20",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-20.xml"
},
{
"name": "ADV-2005-2403",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2403"
},
{
"name": "17794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17794"
},
{
"name": "17702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17702"
},
{
"name": "DSA-914",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-914"
},
{
"name": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/horde/docs/CHANGES?r1=1.207.2.109&r2=1.207.2.111&ty=h"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Stonesoft advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/",
"refsource" : "MISC",
"url" : "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name" : "http://www.stonesoft.com/support/Security_Advisories/7244.html",
"refsource" : "CONFIRM",
"url" : "http://www.stonesoft.com/support/Security_Advisories/7244.html"
},
{
"name" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en"
},
{
"name" : "http://jvn.jp/niscc/NISCC-273756/index.html",
"refsource" : "MISC",
"url" : "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name" : "VU#226364",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/226364"
},
{
"name" : "15405",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15405"
},
{
"name" : "ADV-2005-2408",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2408"
},
{
"name" : "17566",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17566"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Internet Key Exchange version 1 (IKEv1) implementation in Stonesoft StoneGate Firewall before 2.6.1 allows remote attackers to cause a denial of service via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the Stonesoft advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en"
},
{
"name": "http://jvn.jp/niscc/NISCC-273756/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/niscc/NISCC-273756/index.html"
},
{
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c09/isakmp/"
},
{
"name": "VU#226364",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/226364"
},
{
"name": "ADV-2005-2408",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2408"
},
{
"name": "http://www.stonesoft.com/support/Security_Advisories/7244.html",
"refsource": "CONFIRM",
"url": "http://www.stonesoft.com/support/Security_Advisories/7244.html"
},
{
"name": "15405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15405"
},
{
"name": "17566",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17566"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html"
},
{
"name" : "15597",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15597"
},
{
"name" : "ADV-2005-2590",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2590"
},
{
"name" : "21117",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21117"
},
{
"name" : "17729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17729"
},
{
"name" : "idesk-faq-sql-injection(23222)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23222"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21117"
},
{
"name": "15597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15597"
},
{
"name": "idesk-faq-sql-injection(23222)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23222"
},
{
"name": "17729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17729"
},
{
"name": "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/idesk-catid-sql-inj.html"
},
{
"name": "ADV-2005-2590",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2590"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4075",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4075",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html"
},
{
"name" : "15778",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15778"
},
{
"name" : "ADV-2005-2795",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2795"
},
{
"name" : "21507",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21507"
},
{
"name" : "17939",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17939"
},
{
"name" : "cfnuke-index-xss(23540)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in CF_Nuke 4.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) topic and (2) newsid parameter in the news sector, and (3) cat parameter in the links sector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17939",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17939"
},
{
"name": "21507",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21507"
},
{
"name": "15778",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15778"
},
{
"name": "cfnuke-index-xss(23540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23540"
},
{
"name": "ADV-2005-2795",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2795"
},
{
"name": "http://pridels0.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/cfnuke-v46-multiple-vuln.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4896",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4896",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8959",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8959"
},
{
"name" : "35379",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35379"
},
{
"name" : "55113",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55113"
},
{
"name" : "35454",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35454"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the iJoomla RSS Feeder (com_ijoomla_rss) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cat parameter in an xml action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35379",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35379"
},
{
"name": "8959",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8959"
},
{
"name": "55113",
"refsource": "OSVDB",
"url": "http://osvdb.org/55113"
},
{
"name": "35454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35454"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2368",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=695068",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=695068"
},
{
"name" : "35718",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35718"
},
{
"name" : "ADV-2009-1806",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1806"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1806",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1806"
},
{
"name": "35718",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35718"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=695068",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=695068"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "257329",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-257329-1"
},
{
"name" : "35661",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35661"
},
{
"name" : "sunfire-xvr100-dos(51695)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51695"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 graphic cards on system boards with part number 375-3463 and a hardware dash level -04 or later, allows remote attackers to cause a denial of service (panic) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sunfire-xvr100-dos(51695)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51695"
},
{
"name": "35661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35661"
},
{
"name": "257329",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-257329-1"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3865",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3865"
},
{
"name" : "APPLE-SA-2009-09-10-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name" : "36354",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36354"
},
{
"name" : "57947",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/57947"
},
{
"name" : "36701",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36701"
},
{
"name" : "macos-alias-file-bo(53164)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted alias file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macos-alias-file-bo(53164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53164"
},
{
"name": "36354",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36354"
},
{
"name": "APPLE-SA-2009-09-10-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT3865",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3865"
},
{
"name": "36701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36701"
},
{
"name": "57947",
"refsource": "OSVDB",
"url": "http://osvdb.org/57947"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18884",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=18884"
},
{
"name" : "20090923 Cisco Unified Communications Manager Express Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml"
},
{
"name" : "36498",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36498"
},
{
"name" : "58335",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/58335"
},
{
"name" : "1022932",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022932"
},
{
"name" : "ADV-2009-2758",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2758"
},
{
"name" : "ciscoios-cme-extension-bo(53448)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53448"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the login implementation in the Extension Mobility feature in the Unified Communications Manager Express (CME) component in Cisco IOS 12.4XW, 12.4XY, 12.4XZ, and 12.4YA allows remote attackers to execute arbitrary code or cause a denial of service via crafted HTTP requests, aka Bug ID CSCsq58779."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36498"
},
{
"name": "ciscoios-cme-extension-bo(53448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53448"
},
{
"name": "20090923 Cisco Unified Communications Manager Express Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080af8116.shtml"
},
{
"name": "ADV-2009-2758",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2758"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18884",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=18884"
},
{
"name": "58335",
"refsource": "OSVDB",
"url": "http://osvdb.org/58335"
},
{
"name": "1022932",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022932"
}
]
}
}
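Review bot: The ASSIGNER value in this record appears to change from `cve@mitre.org` to `psirt@cisco.com`, and it is the only semantic change in a section otherwise made up of key-spacing reformatting and a reshuffled `reference_data` array, so it is easy to miss in review. The `+`/`-` markers are lost on this page, so the old and new sides are inferred from the `" : "` versus `": "` key style. The same pattern shows in the sections for CVE-2009-2899, CVE-2009-3622, CVE-2009-3888, CVE-2015-0001 and CVE-2015-0316. Landing the formatting change separately from attribution changes, and emitting `reference_data` in a stable sorted order, would let consumers that diff the feed or key on the assigning CNA audit such changes directly.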


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://communities.vmware.com/thread/348773",
"refsource" : "MISC",
"url" : "http://communities.vmware.com/thread/348773"
},
{
"name" : "https://jira.hyperic.com/browse/HHQ-1031",
"refsource" : "MISC",
"url" : "https://jira.hyperic.com/browse/HHQ-1031"
},
{
"name" : "http://support.springsource.com/security/CVE-2009-2899",
"refsource" : "CONFIRM",
"url" : "http://support.springsource.com/security/CVE-2009-2899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The monitor perl script in the Sybase database plug-in in SpringSource Hyperic HQ before 4.3 allows local users to obtain the database password by listing the process and its arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.hyperic.com/browse/HHQ-1031",
"refsource": "MISC",
"url": "https://jira.hyperic.com/browse/HHQ-1031"
},
{
"name": "http://communities.vmware.com/thread/348773",
"refsource": "MISC",
"url": "http://communities.vmware.com/thread/348773"
},
{
"name": "http://support.springsource.com/security/CVE-2009-2899",
"refsource": "CONFIRM",
"url": "http://support.springsource.com/security/CVE-2009-2899"
}
]
}
}


@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated \"UTF-8\" substrings, related to the mb_convert_encoding function in PHP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091019 [Wordpress] Resource Exhaustion (Denial of Service)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2009/Oct/263"
},
{
"name" : "[oss-security] 20091021 CVE request: Wordpress Trackback DoS",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=125612393329041&w=2"
},
{
"name" : "[oss-security] 20091021 Re: CVE request: Wordpress Trackback DoS",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=125614592004825&w=2"
},
{
"name" : "http://codes.zerial.org/php/wp-trackbacks_dos.phps",
"refsource" : "MISC",
"url" : "http://codes.zerial.org/php/wp-trackbacks_dos.phps"
},
{
"name" : "http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/",
"refsource" : "MISC",
"url" : "http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/"
},
{
"name" : "http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html",
"refsource" : "MISC",
"url" : "http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html"
},
{
"name" : "http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=530056",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=530056"
},
{
"name" : "59077",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/59077"
},
{
"name" : "1023072",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023072"
},
{
"name" : "37088",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37088"
},
{
"name" : "ADV-2009-2986",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2986"
},
{
"name" : "wordpress-wptrackback-dos(53884)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53884"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in conjunction with a charset parameter composed of many comma-separated \"UTF-8\" substrings, related to the mb_convert_encoding function in PHP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091019 [Wordpress] Resource Exhaustion (Denial of Service)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2009/Oct/263"
},
{
"name": "http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html",
"refsource": "MISC",
"url": "http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html"
},
{
"name": "wordpress-wptrackback-dos(53884)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53884"
},
{
"name": "[oss-security] 20091021 Re: CVE request: Wordpress Trackback DoS",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125614592004825&w=2"
},
{
"name": "http://codes.zerial.org/php/wp-trackbacks_dos.phps",
"refsource": "MISC",
"url": "http://codes.zerial.org/php/wp-trackbacks_dos.phps"
},
{
"name": "37088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37088"
},
{
"name": "59077",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59077"
},
{
"name": "http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/",
"refsource": "MISC",
"url": "http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/"
},
{
"name": "ADV-2009-2986",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2986"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=530056",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=530056"
},
{
"name": "[oss-security] 20091021 CVE request: Wordpress Trackback DoS",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125612393329041&w=2"
},
{
"name": "1023072",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023072"
},
{
"name": "http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20091109 CVE request - kernel: NOMMU: Dont pass NULL pointers to fput() in do_mmap_pgoff()",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/11/09/2"
},
{
"name" : "[oss-security] 20091113 Re: CVE request - kernel: NOMMU: Dont pass NULL pointers to fput() in do_mmap_pgoff()",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/11/13/3"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89a8640279f8bb78aaf778d1fc5c4a6778f18064",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89a8640279f8bb78aaf778d1fc5c4a6778f18064"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6"
},
{
"name" : "USN-864-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-864-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20091113 Re: CVE request - kernel: NOMMU: Dont pass NULL pointers to fput() in do_mmap_pgoff()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/13/3"
},
{
"name": "USN-864-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-864-1"
},
{
"name": "[oss-security] 20091109 CVE request - kernel: NOMMU: Dont pass NULL pointers to fput() in do_mmap_pgoff()",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/09/2"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89a8640279f8bb78aaf778d1fc5c4a6778f18064",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=89a8640279f8bb78aaf778d1fc5c4a6778f18064"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4278",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4278",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka \"Windows Error Reporting Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-0001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/134392/Microsoft-Windows-8.1-Ahcache.sys-NtApphelpCacheControl-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/134392/Microsoft-Windows-8.1-Ahcache.sys-NtApphelpCacheControl-Privilege-Escalation.html"
},
{
"name" : "MS15-006",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-006"
},
{
"name" : "71927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71927"
},
{
"name" : "62134",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62134"
},
{
"name" : "ms-wer-cve20150001-security-bypass(99513)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99513"
},
{
"name" : "win-ms15kb3004365-update(99514)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Windows Error Reporting (WER) component in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to bypass the Protected Process Light protection mechanism and read the contents of arbitrary process-memory locations by leveraging administrative privileges, aka \"Windows Error Reporting Security Feature Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-006",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-006"
},
{
"name": "win-ms15kb3004365-update(99514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99514"
},
{
"name": "ms-wer-cve20150001-security-bypass(99513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99513"
},
{
"name": "62134",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62134"
},
{
"name": "71927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71927"
},
{
"name": "http://packetstormsecurity.com/files/134392/Microsoft-Windows-8.1-Ahcache.sys-NtApphelpCacheControl-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/134392/Microsoft-Windows-8.1-Ahcache.sys-NtApphelpCacheControl-Privilege-Escalation.html"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-0316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
},
{
"name" : "https://technet.microsoft.com/library/security/2755801",
"refsource" : "CONFIRM",
"url" : "https://technet.microsoft.com/library/security/2755801"
},
{
"name" : "GLSA-201502-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml"
},
{
"name" : "RHSA-2015:0140",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0140.html"
},
{
"name" : "SUSE-SU-2015:0236",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html"
},
{
"name" : "SUSE-SU-2015:0239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html"
},
{
"name" : "openSUSE-SU-2015:0237",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html"
},
{
"name" : "openSUSE-SU-2015:0238",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html"
},
{
"name" : "72514",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72514"
},
{
"name" : "1031706",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031706"
},
{
"name" : "62777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62777"
},
{
"name" : "62886",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62886"
},
{
"name" : "62895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62895"
},
{
"name" : "adobe-flash-cve20150316-code-exec(100701)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100701"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0314, CVE-2015-0318, CVE-2015-0321, CVE-2015-0329, and CVE-2015-0330."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201502-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-02.xml"
},
{
"name": "openSUSE-SU-2015:0238",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html"
},
{
"name": "62895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62895"
},
{
"name": "1031706",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031706"
},
{
"name": "62886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62886"
},
{
"name": "https://technet.microsoft.com/library/security/2755801",
"refsource": "CONFIRM",
"url": "https://technet.microsoft.com/library/security/2755801"
},
{
"name": "62777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62777"
},
{
"name": "openSUSE-SU-2015:0237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html"
},
{
"name": "SUSE-SU-2015:0236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html"
},
{
"name": "adobe-flash-cve20150316-code-exec(100701)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100701"
},
{
"name": "72514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72514"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
},
{
"name": "RHSA-2015:0140",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0140.html"
},
{
"name": "SUSE-SU-2015:0239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html"
}
]
}
}


@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-0319."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-0317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
},
{
"name" : "https://technet.microsoft.com/library/security/2755801",
"refsource" : "CONFIRM",
"url" : "https://technet.microsoft.com/library/security/2755801"
},
{
"name" : "GLSA-201502-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml"
},
{
"name" : "RHSA-2015:0140",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0140.html"
},
{
"name" : "SUSE-SU-2015:0236",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html"
},
{
"name" : "SUSE-SU-2015:0239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html"
},
{
"name" : "openSUSE-SU-2015:0237",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html"
},
{
"name" : "openSUSE-SU-2015:0238",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html"
},
{
"name" : "72514",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72514"
},
{
"name" : "1031706",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031706"
},
{
"name" : "62777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62777"
},
{
"name" : "62886",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62886"
},
{
"name" : "62895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62895"
},
{
"name" : "adobe-flash-cve20150317-code-exec(100706)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code by leveraging an unspecified \"type confusion,\" a different vulnerability than CVE-2015-0319."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201502-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-02.xml"
},
{
"name": "openSUSE-SU-2015:0238",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html"
},
{
"name": "62895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62895"
},
{
"name": "adobe-flash-cve20150317-code-exec(100706)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100706"
},
{
"name": "1031706",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031706"
},
{
"name": "62886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62886"
},
{
"name": "https://technet.microsoft.com/library/security/2755801",
"refsource": "CONFIRM",
"url": "https://technet.microsoft.com/library/security/2755801"
},
{
"name": "62777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62777"
},
{
"name": "openSUSE-SU-2015:0237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html"
},
{
"name": "SUSE-SU-2015:0236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html"
},
{
"name": "72514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72514"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
},
{
"name": "RHSA-2015:0140",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0140.html"
},
{
"name": "SUSE-SU-2015:0239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html"
}
]
}
}
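Review bot: The one semantic change in this section, `"ASSIGNER": "psirt@adobe.com"` replacing `cve@mitre.org`, is buried under key/colon spacing changes and a reshuffle of every `reference_data` entry, so a reviewer cannot confirm from the diff that nothing else in the record moved. The same pattern applies to the CVE-2015-0812, CVE-2015-1636, CVE-2015-4216, CVE-2015-4917 and CVE-2015-5227 sections, each of which also changes `ASSIGNER`. The old reference list appears to be grouped by `refsource`, while the new order follows no apparent key. Having the sync job emit `reference_data` in a stable sorted order, and landing the formatting pass separately from provenance-field updates, would keep later diffs of these records reviewable.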


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-0812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-32.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-32.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1128126",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1128126"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "GLSA-201512-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201512-10"
},
{
"name" : "openSUSE-SU-2015:0677",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html"
},
{
"name" : "USN-2550-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2550-1"
},
{
"name" : "1031996",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031996"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 37.0 does not require an HTTPS session for lightweight theme add-on installations, which allows man-in-the-middle attackers to bypass an intended user-confirmation requirement by deploying a crafted web site and conducting a DNS spoofing attack against a mozilla.org subdomain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031996",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031996"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1128126",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1128126"
},
{
"name": "GLSA-201512-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201512-10"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-32.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-32.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "USN-2550-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2550-1"
},
{
"name": "openSUSE-SU-2015:0677",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00003.html"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150109 Reflecting XSS vulnerability in CMS e107 v. 1.0.4",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/18"
},
{
"name" : "[oss-security] 20150111 Re: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/11/6"
},
{
"name" : "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html"
},
{
"name" : "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html"
},
{
"name" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html",
"refsource" : "MISC",
"url" : "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html"
},
{
"name" : "https://github.com/e107inc/e107v1/issues/2",
"refsource" : "MISC",
"url" : "https://github.com/e107inc/e107v1/issues/2"
},
{
"name" : "71977",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71977"
},
{
"name" : "e107-filemanager-xss(99898)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php in e107 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the e107_files/ file path in the QUERY_STRING."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html"
},
{
"name": "e107-filemanager-xss(99898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99898"
},
{
"name": "https://github.com/e107inc/e107v1/issues/2",
"refsource": "MISC",
"url": "https://github.com/e107inc/e107v1/issues/2"
},
{
"name": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129872/CMS-e107-1.0.4-Cross-Site-Scripting.html"
},
{
"name": "[oss-security] 20150111 Re: CVE Request -- CMS e107 v.1.0.4 -- Reflecting XSS vulnerability in filemanager functionality",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/6"
},
{
"name": "71977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71977"
},
{
"name": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html",
"refsource": "MISC",
"url": "http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html"
},
{
"name": "20150109 Reflecting XSS vulnerability in CMS e107 v. 1.0.4",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/18"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.html"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/7784",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/7784"
},
{
"name" : "72546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72546"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130282/WordPress-Holding-Pattern-0.6-Shell-Upload.html"
},
{
"name": "https://wpvulndb.com/vulnerabilities/7784",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/7784"
},
{
"name": "72546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72546"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-022",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
},
{
"name" : "1031895",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-022",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-022"
},
{
"name": "1031895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031895"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4101",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4101",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4216",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4216",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150625 Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport"
},
{
"name" : "75417",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75417"
},
{
"name" : "1032725",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032725"
},
{
"name" : "1032726",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032726"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150625 Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport"
},
{
"name": "1032725",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032725"
},
{
"name": "1032726",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032726"
},
{
"name": "75417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75417"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4339",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4339",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4403",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4403",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "1033899",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-4892."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "1033899",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033899"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5227",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5227",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wpvulndb.com/vulnerabilities/8200",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8200"
},
{
"name" : "https://wordpress.org/plugins/landing-pages/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/landing-pages/#developers"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Landing Pages plugin before 1.9.2 for WordPress allows remote attackers to execute arbitrary code via the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/landing-pages/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/landing-pages/#developers"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8200",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8200"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-9097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-9097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://openwall.com/lists/oss-security/2015/12/11/3",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2015/12/11/3"
},
{
"name" : "http://www.mbsd.jp/Whitepaper/smtpi.pdf",
"refsource" : "MISC",
"url" : "http://www.mbsd.jp/Whitepaper/smtpi.pdf"
},
{
"name" : "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83",
"refsource" : "MISC",
"url" : "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83"
},
{
"name" : "https://github.com/mikel/mail/pull/1097",
"refsource" : "MISC",
"url" : "https://github.com/mikel/mail/pull/1097"
},
{
"name" : "https://github.com/rubysec/ruby-advisory-db/issues/215",
"refsource" : "MISC",
"url" : "https://github.com/rubysec/ruby-advisory-db/issues/215"
},
{
"name" : "https://hackerone.com/reports/137631",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/137631"
},
{
"name" : "https://rubysec.com/advisories/mail-OSVDB-131677",
"refsource" : "MISC",
"url" : "https://rubysec.com/advisories/mail-OSVDB-131677"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is vulnerable to SMTP command injection via CRLF sequences in a RCPT TO or MAIL FROM command, as demonstrated by CRLF sequences immediately before and after a DATA substring."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mikel/mail/pull/1097",
"refsource": "MISC",
"url": "https://github.com/mikel/mail/pull/1097"
},
{
"name": "https://hackerone.com/reports/137631",
"refsource": "MISC",
"url": "https://hackerone.com/reports/137631"
},
{
"name": "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83",
"refsource": "MISC",
"url": "https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83"
},
{
"name": "http://openwall.com/lists/oss-security/2015/12/11/3",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2015/12/11/3"
},
{
"name": "https://rubysec.com/advisories/mail-OSVDB-131677",
"refsource": "MISC",
"url": "https://rubysec.com/advisories/mail-OSVDB-131677"
},
{
"name": "https://github.com/rubysec/ruby-advisory-db/issues/215",
"refsource": "MISC",
"url": "https://github.com/rubysec/ruby-advisory-db/issues/215"
},
{
"name": "http://www.mbsd.jp/Whitepaper/smtpi.pdf",
"refsource": "MISC",
"url": "http://www.mbsd.jp/Whitepaper/smtpi.pdf"
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2015-9158",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a QTEE crypto function, a buffer overflow can occur."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in TrustZone"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2015-9158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a QTEE crypto function, a buffer overflow can occur."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}
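Review bot: The single `version_value` string in the `affects` block holds the whole chipset list ("MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, …"), so a consumer that matches on `version_value` cannot identify an individual part such as SD 835 without ad-hoc string parsing. One `version_data` entry per chipset, e.g. `{ "version_value": "MDM9206" }`, would let asset-inventory tooling match this TrustZone buffer-overflow record directly. The same list is already spelled out in the description, so no information would be lost by splitting it.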


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2180",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2180",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2218",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2218",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2345",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2345",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}


@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP Solution Manager",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "7.20"
}
]
}
}
]
},
"vendor_name" : "SAP SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Missing Authorization Check"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Solution Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "7.20"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/",
"refsource" : "CONFIRM",
"url" : "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name" : "https://launchpad.support.sap.com/#/notes/2507934",
"refsource" : "CONFIRM",
"url" : "https://launchpad.support.sap.com/#/notes/2507934"
},
{
"name" : "102450",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102450"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Missing Authorization Check"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018/"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2507934",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2507934"
},
{
"name": "102450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102450"
}
]
}
}


@ -1,100 +1,100 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2504",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP NetWeaver AS Java (ServerCore)",
"version" : {
"version_data" : [
{
"version_name" : "=",
"version_value" : "7.10"
},
{
"version_name" : "=",
"version_value" : "7.11"
},
{
"version_name" : "=",
"version_value" : "7.20"
},
{
"version_name" : "=",
"version_value" : "7.30"
},
{
"version_name" : "=",
"version_value" : "7.31"
},
{
"version_name" : "=",
"version_value" : "7.40"
},
{
"version_name" : "=",
"version_value" : "7.50"
}
]
}
}
]
},
"vendor_name" : "SAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver AS Java (ServerCore)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "7.10"
},
{
"version_name": "=",
"version_value": "7.11"
},
{
"version_name": "=",
"version_value": "7.20"
},
{
"version_name": "=",
"version_value": "7.30"
},
{
"version_name": "=",
"version_value": "7.31"
},
{
"version_name": "=",
"version_value": "7.40"
},
{
"version_name": "=",
"version_value": "7.50"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2718993",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2718993"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
"refsource" : "MISC",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name" : "106150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106150"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2718993",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2718993"
},
{
"name": "106150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106150"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
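Review bot: The seven `version_data` entries for SAP NetWeaver AS Java (ServerCore) put the comparator in `"version_name": "="`, whereas the other SAP record in this commit (CVE-2018-2361) uses `"version_affected": "="`; tooling that reads `version_affected` to decide exposure will find no comparator here. Each entry should read `"version_affected": "=", "version_value": "7.10"`, and likewise for 7.11 through 7.50. The description also states the issue "is fixed in versions 7.10, … 7.50", the same versions listed as affected, so the intended meaning should be confirmed against the referenced SAP note before the record drives patch decisions.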


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2583",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.6.38 and prior"
},
{
"version_affected" : "=",
"version_value" : "5.7.20 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.38 and prior"
},
{
"version_affected": "=",
"version_value": "5.7.20 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
},
{
"name" : "RHSA-2018:0586",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0586"
},
{
"name" : "RHSA-2018:0587",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0587"
},
{
"name" : "USN-3537-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3537-1/"
},
{
"name" : "102708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102708"
},
{
"name" : "1040216",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.8 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0587",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0587"
},
{
"name": "102708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102708"
},
{
"name": "USN-3537-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3537-1/"
},
{
"name": "RHSA-2018:0586",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0586"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
},
{
"name": "1040216",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040216"
}
]
}
}
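Review bot: Both `version_data` entries pair `"version_affected": "="` with a range written as prose (`"5.6.38 and prior"`, `"5.7.20 and prior"`), so a scanner that applies the comparator literally matches no real MySQL Server release and misses every affected one. The range belongs in the comparator: `"version_affected": "<=", "version_value": "5.6.38"` and `"version_affected": "<=", "version_value": "5.7.20"`. Separately, the `problemtype` value repeats the description text instead of naming a weakness class, which makes it unusable for CWE-based triage.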


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3158",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Hospitality Cruise Fleet Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "9.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hospitality Cruise Fleet Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105626",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105626"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Hospitality Cruise Fleet Management component of Oracle Hospitality Applications (subcomponent: Emergency Response System). The supported version that is affected is 9.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data. CVSS 3.0 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Cruise Fleet Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Cruise Fleet Management accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Cruise Fleet Management accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105626"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Business Intelligence Enterprise Edition",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.2.1.3.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Business Intelligence Enterprise Edition",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.2.1.3.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105623",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware (subcomponent: Analytics Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105623"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3534",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3534",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-05-31T00:00:00",
"ID" : "CVE-2018-3757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-05-31T00:00:00",
"ID": "CVE-2018-3757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/340208",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/340208"
},
{
"name" : "https://github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83",
"refsource" : "CONFIRM",
"url" : "https://github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/340208",
"refsource": "MISC",
"url": "https://hackerone.com/reports/340208"
},
{
"name": "https://github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83",
"refsource": "CONFIRM",
"url": "https://github.com/roest01/node-pdf-image/commit/54679496a89738443917608c2bbe2f6e5dd20e83"
}
]
}
}
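Review bot: `product_name`, `vendor_name` and `version_value` are all `"n/a"` although the description names the package and version (pdf-image v2.0.0), so inventory matching on the `affects` block will never flag this command-injection record. Filling them from the description, e.g. `"product_name": "pdf-image"` and `"version_value": "2.0.0"`, would make the record usable by dependency scanners; the vendor is not stated on the page and would have to come from the referenced report. `problemtype` is also `"n/a"` where the description already identifies the weakness as command injection.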


@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-20T00:00:00",
"ID" : "CVE-2018-3881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Focalscope",
"version" : {
"version_data" : [
{
"version_value" : "v2416"
}
]
}
}
]
},
"vendor_name" : "FocalScope"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Restriction of XML External Entity Reference"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-20T00:00:00",
"ID": "CVE-2018-3881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Focalscope",
"version": {
"version_data": [
{
"version_value": "v2416"
}
]
}
}
]
},
"vendor_name": "FocalScope"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable unauthenticated XML external injection vulnerability was identified in FocalScope v2416. A unauthenticated attacker could submit a specially crafted web request to FocalScope's server that could cause an XXE, and potentially result in data compromise."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0559"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6448",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6448",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7130",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7130",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7709",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7709",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,119 +1,119 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7942",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version" : {
"version_data" : [
{
"version_value" : "1288H V5 V100R005C00"
},
{
"version_value" : "2288H V5 V100R005C00"
},
{
"version_value" : "2488 V5 V100R005C00"
},
{
"version_value" : "CH121 V3 V100R001C00"
},
{
"version_value" : "CH121L V3 V100R001C00"
},
{
"version_value" : "CH121L V5 V100R001C00"
},
{
"version_value" : "CH121 V5 V100R001C00"
},
{
"version_value" : "CH140 V3 V100R001C00"
},
{
"version_value" : "CH140L V3 V100R001C00"
},
{
"version_value" : "CH220 V3 V100R001C00"
},
{
"version_value" : "CH222 V3 V100R001C00"
},
{
"version_value" : "CH242 V3 V100R001C00"
},
{
"version_value" : "CH242 V5 V100R001C00"
},
{
"version_value" : "RH1288 V3 V100R003C00"
},
{
"version_value" : "RH2288 V3 V100R003C00"
},
{
"version_value" : "RH2288H V3 V100R003C00"
},
{
"version_value" : "XH310 V3 V100R003C00"
},
{
"version_value" : "XH321 V3 V100R003C00"
},
{
"version_value" : "XH321 V5 V100R005C00"
},
{
"version_value" : "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "authentication bypass"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7942",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5; 2488 V5; CH121 V3; CH121L V3; CH121L V5; CH121 V5; CH140 V3; CH140L V3; CH220 V3; CH222 V3; CH242 V3; CH242 V5; RH1288 V3; RH2288 V3; RH2288H V3; XH310 V3; XH321 V3; XH321 V5; XH620 V3",
"version": {
"version_data": [
{
"version_value": "1288H V5 V100R005C00"
},
{
"version_value": "2288H V5 V100R005C00"
},
{
"version_value": "2488 V5 V100R005C00"
},
{
"version_value": "CH121 V3 V100R001C00"
},
{
"version_value": "CH121L V3 V100R001C00"
},
{
"version_value": "CH121L V5 V100R001C00"
},
{
"version_value": "CH121 V5 V100R001C00"
},
{
"version_value": "CH140 V3 V100R001C00"
},
{
"version_value": "CH140L V3 V100R001C00"
},
{
"version_value": "CH220 V3 V100R001C00"
},
{
"version_value": "CH222 V3 V100R001C00"
},
{
"version_value": "CH242 V3 V100R001C00"
},
{
"version_value": "CH242 V5 V100R001C00"
},
{
"version_value": "RH1288 V3 V100R003C00"
},
{
"version_value": "RH2288 V3 V100R003C00"
},
{
"version_value": "RH2288H V3 V100R003C00"
},
{
"version_value": "XH310 V3 V100R003C00"
},
{
"version_value": "XH321 V3 V100R003C00"
},
{
"version_value": "XH321 V5 V100R005C00"
},
{
"version_value": "XH620 V3 V100R003C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The iBMC (Intelligent Baseboard Management Controller) of some Huawei servers have an authentication bypass vulnerability. An unauthenticated, remote attacker may send some specially crafted messages to the affected products. Due to improper authentication design, successful exploit may cause some information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-server-en"
}
]
}
}