admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:51:38 +00:00
parent ce337eb65a
commit 0c9b8baada
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4397 additions and 4397 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
1999/1xxx/CVE-1999-1048.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \\w option in the PS1 environmental variable when another user changes into that directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980905 BASH buffer overflow, LiNUX x86 exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/10542"
},
{
"name" : "19970821 Buffer overflow in /bin/bash",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602746719555&w=2"
},
{
"name" : "19980909 problem with very long pathnames",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/1998/19980909"
},
{
"name" : "linux-bash-bo(3414)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3414"
},
{
"name" : "8345",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/8345"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \\w option in the PS1 environmental variable when another user changes into that directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/8345"
},
{
"name": "linux-bash-bo(3414)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3414"
},
{
"name": "19970821 Buffer overflow in /bin/bash",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602746719555&w=2"
},
{
"name": "19980909 problem with very long pathnames",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/1998/19980909"
},
{
"name": "19980905 BASH buffer overflow, LiNUX x86 exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/10542"
}
]
}
}

140
1999/1xxx/CVE-1999-1142.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1142",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SunOS 4.1.2 and earlier allows local users to gain privileges via \"LD_*\" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CA-1992-11",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-1992-11.html"
},
{
"name" : "00116",
"refsource" : "SUN",
"url" : "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116"
},
{
"name" : "sun-env(3152)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/3152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SunOS 4.1.2 and earlier allows local users to gain privileges via \"LD_*\" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-1992-11",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-1992-11.html"
},
{
"name": "sun-env(3152)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/3152"
},
{
"name": "00116",
"refsource": "SUN",
"url": "http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116"
}
]
}
}

160
1999/1xxx/CVE-1999-1161.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19961103 Re: Untitled",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602167420102&w=2"
},
{
"name" : "19961104 ppl bugs",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602167420103&w=2"
},
{
"name" : "HPSBUX9704-057",
"refsource" : "HP",
"url" : "http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html"
},
{
"name" : "H-32",
"refsource" : "CIAC",
"url" : "http://ciac.llnl.gov/ciac/bulletins/h-32.shtml"
},
{
"name" : "hp-ppl(7438)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7438.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX9704-057",
"refsource": "HP",
"url": "http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html"
},
{
"name": "hp-ppl(7438)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7438.php"
},
{
"name": "19961104 ppl bugs",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602167420103&w=2"
},
{
"name": "H-32",
"refsource": "CIAC",
"url": "http://ciac.llnl.gov/ciac/bulletins/h-32.shtml"
},
{
"name": "19961103 Re: Untitled",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602167420102&w=2"
}
]
}
}

140
2000/0xxx/CVE-2000-0191.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0191",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000229 Infosec.20000229.axisstorpointcd.a",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se"
},
{
"name" : "1025",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1025"
},
{
"name" : "19",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19"
},
{
"name": "1025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1025"
},
{
"name": "20000229 Infosec.20000229.axisstorpointcd.a",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se"
}
]
}
}

130
2000/0xxx/CVE-2000-0939.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001030 Samba 2.0.7 SWAT vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html"
},
{
"name" : "samba-swat-url-filename-dos(5444)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote attackers to cause a denial of service by repeatedly submitting a nonstandard URL in the GET HTTP request and forcing it to restart."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001030 Samba 2.0.7 SWAT vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html"
},
{
"name": "samba-swat-url-filename-dos(5444)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5444"
}
]
}
}

130
2000/1xxx/CVE-2000-1173.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001122 CyberPatrol - poor credit card protection",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html"
},
{
"name" : "1977",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsys CyberPatrol uses weak encryption (trivial encoding) for credit card numbers and uses no encryption for the remainder of the information during registration, which could allow attackers to sniff network traffic and obtain this sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1977"
},
{
"name": "20001122 CyberPatrol - poor credit card protection",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0323.html"
}
]
}
}

130
2005/2xxx/CVE-2005-2052.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050623 eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111955853611840&w=2"
},
{
"name" : "http://service.real.com/help/faq/security/050623_player/EN/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/help/faq/security/050623_player/EN/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 (6.0.12.1040 through 1069), RealOne Player v1 and v2, RealPlayer 8 and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an .avi file with a modified strf structure value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050623 eEye Advisory - EEYEB-200505 - RealPlayer AVI Processing Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111955853611840&w=2"
},
{
"name": "http://service.real.com/help/faq/security/050623_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/050623_player/EN/"
}
]
}
}

130
2005/2xxx/CVE-2005-2184.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050706 eRoom Multiple Security Issues",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112069267700034&w=2"
},
{
"name" : "15940",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eRoom 6.x does not properly restrict files that can be attached, which allows remote attackers to execute arbitrary commands via a .lnk file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15940",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15940"
},
{
"name": "20050706 eRoom Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112069267700034&w=2"
}
]
}
}

240
2005/2xxx/CVE-2005-2549.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2549",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2549",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050810 Evolution multiple remote format string bugs",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/407789"
},
{
"name" : "20050810 Evolution multiple remote format string bugs",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=112368237712032&w=2"
},
{
"name" : "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html",
"refsource" : "MISC",
"url" : "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html"
},
{
"name" : "DSA-1016",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1016"
},
{
"name" : "FEDORA-2005-743",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html"
},
{
"name" : "MDKSA-2005:141",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:141"
},
{
"name" : "RHSA-2005:267",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-267.html"
},
{
"name" : "SUSE-SA:2005:054",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_54_evolution.html"
},
{
"name" : "USN-166-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/166-1/"
},
{
"name" : "14532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14532"
},
{
"name" : "oval:org.mitre.oval:def:9553",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553"
},
{
"name" : "16394",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16394"
},
{
"name" : "19380",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19380"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote LDAP servers, or (3) task list data from remote servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2005:054",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_54_evolution.html"
},
{
"name": "14532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14532"
},
{
"name": "RHSA-2005:267",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-267.html"
},
{
"name": "19380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19380"
},
{
"name": "DSA-1016",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1016"
},
{
"name": "FEDORA-2005-743",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-August/msg00031.html"
},
{
"name": "MDKSA-2005:141",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:141"
},
{
"name": "16394",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16394"
},
{
"name": "oval:org.mitre.oval:def:9553",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9553"
},
{
"name": "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html",
"refsource": "MISC",
"url": "http://www.sitic.se/eng/advisories_and_recommendations/sa05-001.html"
},
{
"name": "20050810 Evolution multiple remote format string bugs",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/407789"
},
{
"name": "20050810 Evolution multiple remote format string bugs",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=112368237712032&w=2"
},
{
"name": "USN-166-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/166-1/"
}
]
}
}

160
2005/3xxx/CVE-2005-3005.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phpjunkyard.com/extras/hesk_0931_patch.zip",
"refsource" : "CONFIRM",
"url" : "http://www.phpjunkyard.com/extras/hesk_0931_patch.zip"
},
{
"name" : "20050920 Hesk Session ID Validation Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112724743530521&w=2"
},
{
"name" : "14879",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14879"
},
{
"name" : "ADV-2005-1792",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1792"
},
{
"name" : "16859",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16859"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Helpdesk Software Hesk allows remote attackers to bypass authentication for (1) admin.php and (2) admin_main.php by modifying the PHPSESSID session ID parameter or cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-1792",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1792"
},
{
"name": "20050920 Hesk Session ID Validation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112724743530521&w=2"
},
{
"name": "14879",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14879"
},
{
"name": "16859",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16859"
},
{
"name": "http://www.phpjunkyard.com/extras/hesk_0931_patch.zip",
"refsource": "CONFIRM",
"url": "http://www.phpjunkyard.com/extras/hesk_0931_patch.zip"
}
]
}
}

34
2005/3xxx/CVE-2005-3604.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3604",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3604",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2005/3xxx/CVE-2005-3890.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051121 Gadu-Gadu several vulnerabilities (version <= 7.20)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113261573023912&w=2"
},
{
"name" : "20051121 Gadu-Gadu several vulnerabilities (version <= 7.20)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html"
},
{
"name" : "15520",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15520/"
},
{
"name" : "21019",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21019"
},
{
"name" : "17597",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17597/"
},
{
"name" : "gadu-gadu-gg-uri-dos(23153)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23153"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash and configuration loss) via a page with a large number of gg: URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15520",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15520/"
},
{
"name": "21019",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21019"
},
{
"name": "20051121 Gadu-Gadu several vulnerabilities (version <= 7.20)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113261573023912&w=2"
},
{
"name": "gadu-gadu-gg-uri-dos(23153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23153"
},
{
"name": "17597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17597/"
},
{
"name": "20051121 Gadu-Gadu several vulnerabilities (version <= 7.20)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0658.html"
}
]
}
}

180
2005/3xxx/CVE-2005-3931.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051129 ASP-Rider Default.asp SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418088/100/0/threaded"
},
{
"name" : "15617",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15617"
},
{
"name" : "ADV-2005-2663",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2663"
},
{
"name" : "21248",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21248"
},
{
"name" : "17792",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17792"
},
{
"name" : "218",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/218"
},
{
"name" : "asp-rider-default-sql-injection(23300)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23300"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows remote attackers to execute arbitrary SQL commands via the HTTP referer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17792",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17792"
},
{
"name": "218",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/218"
},
{
"name": "20051129 ASP-Rider Default.asp SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418088/100/0/threaded"
},
{
"name": "asp-rider-default-sql-injection(23300)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23300"
},
{
"name": "15617",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15617"
},
{
"name": "ADV-2005-2663",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2663"
},
{
"name": "21248",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21248"
}
]
}
}

200
2005/4xxx/CVE-2005-4178.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4178",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-4178",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[dropbear] 20051211 Dropbear 0.47 (and security fix)",
"refsource" : "MLIST",
"url" : "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html"
},
{
"name" : "http://matt.ucc.asn.au/dropbear/dropbear.html",
"refsource" : "MISC",
"url" : "http://matt.ucc.asn.au/dropbear/dropbear.html"
},
{
"name" : "DSA-923",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-923"
},
{
"name" : "GLSA-200512-13",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml"
},
{
"name" : "15923",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15923/"
},
{
"name" : "ADV-2005-2962",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2962"
},
{
"name" : "18108",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18108"
},
{
"name" : "18109",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18109"
},
{
"name" : "18142",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18142"
},
{
"name": "15923",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15923/"
},
{
"name": "[dropbear] 20051211 Dropbear 0.47 (and security fix)",
"refsource": "MLIST",
"url": "http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/2005q4/000312.html"
},
{
"name": "18109",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18109"
},
{
"name": "GLSA-200512-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-13.xml"
},
{
"name": "DSA-923",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-923"
},
{
"name": "18108",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18108"
},
{
"name": "http://matt.ucc.asn.au/dropbear/dropbear.html",
"refsource": "MISC",
"url": "http://matt.ucc.asn.au/dropbear/dropbear.html"
},
{
"name": "ADV-2005-2962",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2962"
}
]
}
}

170
2005/4xxx/CVE-2005-4603.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051231 MyBB XSS cross-site scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420569/100/0/threaded"
},
{
"name" : "16096",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16096"
},
{
"name" : "ADV-2006-0012",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0012"
},
{
"name" : "21601",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21601"
},
{
"name" : "18281",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18281"
},
{
"name" : "310",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-0012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0012"
},
{
"name": "20051231 MyBB XSS cross-site scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420569/100/0/threaded"
},
{
"name": "18281",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18281"
},
{
"name": "310",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/310"
},
{
"name": "21601",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21601"
},
{
"name": "16096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16096"
}
]
}
}

160
2005/4xxx/CVE-2005-4848.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blog2.lemondeinformatique.fr/management_du_si/2006/05/notre_ami_imad_.html",
"refsource" : "MISC",
"url" : "http://blog2.lemondeinformatique.fr/management_du_si/2006/05/notre_ami_imad_.html"
},
{
"name" : "http://www.lemonde.fr/web/article/0,1-0@2-3208,36-777732,0.html",
"refsource" : "MISC",
"url" : "http://www.lemonde.fr/web/article/0,1-0@2-3208,36-777732,0.html"
},
{
"name" : "http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html",
"refsource" : "CONFIRM",
"url" : "http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html"
},
{
"name" : "ADV-2007-2419",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2419"
},
{
"name" : "blackberry-decompression-bo(35241)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35241"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/btsc/articles/669/KB04075_f.SAL_Public.html"
},
{
"name": "blackberry-decompression-bo(35241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35241"
},
{
"name": "ADV-2007-2419",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2419"
},
{
"name": "http://blog2.lemondeinformatique.fr/management_du_si/2006/05/notre_ami_imad_.html",
"refsource": "MISC",
"url": "http://blog2.lemondeinformatique.fr/management_du_si/2006/05/notre_ami_imad_.html"
},
{
"name": "http://www.lemonde.fr/web/article/0,1-0@2-3208,36-777732,0.html",
"refsource": "MISC",
"url": "http://www.lemonde.fr/web/article/0,1-0@2-3208,36-777732,0.html"
}
]
}
}

160
2009/2xxx/CVE-2009-2104.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/"
},
{
"name" : "35397",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35397"
},
{
"name" : "55122",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55122"
},
{
"name" : "35483",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35483"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Modern Guestbook / Commenting System (ve_guestbook) extension 2.7.1 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-009/"
},
{
"name": "55122",
"refsource": "OSVDB",
"url": "http://osvdb.org/55122"
},
{
"name": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/ve_guestbook/2.7.2/"
},
{
"name": "35397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35397"
},
{
"name": "35483",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35483"
}
]
}
}

140
2009/2xxx/CVE-2009-2189.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2189",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT4298",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4298"
},
{
"name" : "APPLE-SA-2010-12-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
},
{
"name" : "1024907",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1024907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme Base Station, and AirPort Express Base Station with firmware before 7.5.2 does not limit the rate of (1) Router Advertisement and (2) Neighbor Discovery packets, which allows remote attackers to cause a denial of service (resource consumption and device restart) by sending many packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2010-12-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT4298",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4298"
},
{
"name": "1024907",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1024907"
}
]
}
}

260
2009/2xxx/CVE-2009-2405.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2405",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2405",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jira.jboss.org/jira/browse/JBAS-7105",
"refsource" : "MISC",
"url" : "https://jira.jboss.org/jira/browse/JBAS-7105"
},
{
"name" : "https://jira.jboss.org/jira/browse/JBPAPP-2274",
"refsource" : "MISC",
"url" : "https://jira.jboss.org/jira/browse/JBPAPP-2274"
},
{
"name" : "https://jira.jboss.org/jira/browse/JBPAPP-2284",
"refsource" : "MISC",
"url" : "https://jira.jboss.org/jira/browse/JBPAPP-2284"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=510023",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=510023"
},
{
"name" : "RHSA-2009:1636",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
},
{
"name" : "RHSA-2009:1637",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
},
{
"name" : "RHSA-2009:1649",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
},
{
"name" : "RHSA-2009:1650",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
},
{
"name" : "37276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37276"
},
{
"name" : "60898",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/60898"
},
{
"name" : "60899",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/60899"
},
{
"name" : "1023315",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023315"
},
{
"name" : "35680",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35680"
},
{
"name" : "37671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37671"
},
{
"name" : "jboss-createsnapshot-xss(54700)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Web Console in the Application Server in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2.0 before 4.2.0.CP08, 4.2.2GA, 4.3 before 4.3.0.CP07, and 5.1.0GA allow remote attackers to inject arbitrary web script or HTML via the (1) monitorName, (2) objectName, (3) attribute, or (4) period parameter to createSnapshot.jsp, or the (5) monitorName, (6) objectName, (7) attribute, (8) threshold, (9) period, or (10) enabled parameter to createThresholdMonitor.jsp. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jira.jboss.org/jira/browse/JBAS-7105",
"refsource": "MISC",
"url": "https://jira.jboss.org/jira/browse/JBAS-7105"
},
{
"name": "37276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37276"
},
{
"name": "1023315",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023315"
},
{
"name": "60899",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60899"
},
{
"name": "RHSA-2009:1637",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1637.html"
},
{
"name": "https://jira.jboss.org/jira/browse/JBPAPP-2284",
"refsource": "MISC",
"url": "https://jira.jboss.org/jira/browse/JBPAPP-2284"
},
{
"name": "37671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37671"
},
{
"name": "RHSA-2009:1636",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1636.html"
},
{
"name": "RHSA-2009:1649",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1649.html"
},
{
"name": "60898",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60898"
},
{
"name": "jboss-createsnapshot-xss(54700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54700"
},
{
"name": "https://jira.jboss.org/jira/browse/JBPAPP-2274",
"refsource": "MISC",
"url": "https://jira.jboss.org/jira/browse/JBPAPP-2274"
},
{
"name": "35680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35680"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=510023",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=510023"
},
{
"name": "RHSA-2009:1650",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1650.html"
}
]
}
}

470
2009/2xxx/CVE-2009-2416.json
View File

@ -1,237 +1,237 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2416",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2416",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion",
"refsource" : "MLIST",
"url" : "http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg678527.html"
},
{
"name" : "http://www.cert.fi/en/reports/2009/vulnerability2009085.html",
"refsource" : "MISC",
"url" : "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"name" : "http://www.codenomicon.com/labs/xml/",
"refsource" : "MISC",
"url" : "http://www.codenomicon.com/labs/xml/"
},
{
"name" : "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html",
"refsource" : "MISC",
"url" : "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=515205",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"name" : "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"name" : "http://support.apple.com/kb/HT3937",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3937"
},
{
"name" : "http://support.apple.com/kb/HT3949",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3949"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "http://support.apple.com/kb/HT4225",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4225"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"name" : "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59",
"refsource" : "CONFIRM",
"url" : "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"name" : "APPLE-SA-2009-11-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name" : "APPLE-SA-2009-11-11-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"name" : "APPLE-SA-2010-06-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name" : "DSA-1859",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1859"
},
{
"name" : "FEDORA-2009-8491",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"name" : "FEDORA-2009-8498",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"name" : "FEDORA-2009-8580",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
},
{
"name" : "SUSE-SR:2009:015",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name" : "USN-815-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-815-1"
},
{
"name" : "36010",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36010"
},
{
"name" : "oval:org.mitre.oval:def:7783",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"name" : "oval:org.mitre.oval:def:9262",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"name" : "36338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36338"
},
{
"name" : "36207",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36207"
},
{
"name" : "36417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36417"
},
{
"name" : "37471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37471"
},
{
"name" : "37346",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37346"
},
{
"name" : "35036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35036"
},
{
"name" : "36631",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36631"
},
{
"name" : "ADV-2009-2420",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2420"
},
{
"name" : "ADV-2009-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name" : "ADV-2009-3217",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-815-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-815-1"
},
{
"name": "FEDORA-2009-8491",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00537.html"
},
{
"name": "36631",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36631"
},
{
"name": "oval:org.mitre.oval:def:9262",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9262"
},
{
"name": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html",
"refsource": "MISC",
"url": "http://www.networkworld.com/columnists/2009/080509-xml-flaw.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=515205",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=515205"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2009-2414-2416.html"
},
{
"name": "APPLE-SA-2009-11-11-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html"
},
{
"name": "ADV-2009-3217",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3217"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "http://support.apple.com/kb/HT4225",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4225"
},
{
"name": "ADV-2009-2420",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2420"
},
{
"name": "FEDORA-2009-8580",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00642.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "36417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36417"
},
{
"name": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html",
"refsource": "MISC",
"url": "http://www.cert.fi/en/reports/2009/vulnerability2009085.html"
},
{
"name": "http://www.codenomicon.com/labs/xml/",
"refsource": "MISC",
"url": "http://www.codenomicon.com/labs/xml/"
},
{
"name": "SUSE-SR:2009:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3949",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3949"
},
{
"name": "[debian-bugs-dist] 20090810 Bug#540865: libxml2: CVE-2009-2414, CVE-2009-2416 pointer-user-after-free and stack overflow because of function recursion",
"refsource": "MLIST",
"url": "http://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg678527.html"
},
{
"name": "36010",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36010"
},
{
"name": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59",
"refsource": "CONFIRM",
"url": "https://git.gnome.org/browse/libxml2/commit/?id=489f9671e71cc44a97b23111b3126ac8a1e21a59"
},
{
"name": "35036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35036"
},
{
"name": "36338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36338"
},
{
"name": "FEDORA-2009-8498",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00547.html"
},
{
"name": "oval:org.mitre.oval:def:7783",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7783"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "DSA-1859",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1859"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "APPLE-SA-2010-06-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html"
},
{
"name": "37346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37346"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "36207",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36207"
}
]
}
}

140
2009/2xxx/CVE-2009-2525.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2525",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka \"Windows Media Runtime Heap Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2525",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-051",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"
},
{
"name" : "TA09-286A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name" : "oval:org.mitre.oval:def:6484",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows Media Runtime, as used in DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager (ACM), does not properly initialize unspecified functions within compressed audio files, which allows remote attackers to execute arbitrary code via (1) a crafted media file or (2) crafted streaming content, aka \"Windows Media Runtime Heap Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6484",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6484"
},
{
"name": "MS09-051",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-051"
}
]
}
}

130
2009/2xxx/CVE-2009-2788.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9327",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9327"
},
{
"name" : "35910",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35910"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow remote attackers to execute arbitrary SQL commands via the (1) adminName parameter to cp/auth.php, (2) cid parameter to artcat.php, and (3) catid parameter to show.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35910"
},
{
"name": "9327",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9327"
}
]
}
}

150
2009/2xxx/CVE-2009-2830.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3937",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3937"
},
{
"name" : "APPLE-SA-2009-11-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name" : "36956",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36956"
},
{
"name" : "ADV-2009-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple Mac OS X 10.6.x before 10.6.2 allow user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Common Document Format (CDF) file. NOTE: this might overlap CVE-2009-1515."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}

160
2009/3xxx/CVE-2009-3021.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3021",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3021",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.geeklog.jp/article.php/20090820020302431",
"refsource" : "MISC",
"url" : "http://www.geeklog.jp/article.php/20090820020302431"
},
{
"name" : "JVN#20478978",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN20478978/index.html"
},
{
"name" : "JVNDB-2009-000055",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html"
},
{
"name" : "36404",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36404"
},
{
"name" : "36413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' plugin 2.0.0 through 2.0.6, as used in the Japanese extended package of Geeklog 1.5.0 through 1.5.2 and when distributed 20090629 or earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#20478978",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN20478978/index.html"
},
{
"name": "http://www.geeklog.jp/article.php/20090820020302431",
"refsource": "MISC",
"url": "http://www.geeklog.jp/article.php/20090820020302431"
},
{
"name": "36404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36404"
},
{
"name": "JVNDB-2009-000055",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000055.html"
},
{
"name": "36413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36413"
}
]
}
}

130
2009/3xxx/CVE-2009-3659.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9669",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9669"
},
{
"name" : "bscounter-stats-sql-injection(53236)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53236"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9669",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9669"
},
{
"name": "bscounter-stats-sql-injection(53236)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53236"
}
]
}
}

200
2009/4xxx/CVE-2009-4002.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4002",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-4002",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100120 Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509062/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2009-61/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-61/"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-03.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-03.html"
},
{
"name" : "37870",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37870"
},
{
"name" : "oval:org.mitre.oval:def:8311",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8311"
},
{
"name" : "1023481",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023481"
},
{
"name" : "37888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37888"
},
{
"name" : "ADV-2010-0171",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0171"
},
{
"name" : "shockwave-3d-bo(55758)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55758"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 allows remote attackers to execute arbitrary code via a crafted 3D model in a Shockwave file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37870",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37870"
},
{
"name": "20100120 Secunia Research: Adobe Shockwave Player 3D Model Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509062/100/0/threaded"
},
{
"name": "37888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37888"
},
{
"name": "shockwave-3d-bo(55758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55758"
},
{
"name": "1023481",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023481"
},
{
"name": "oval:org.mitre.oval:def:8311",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8311"
},
{
"name": "ADV-2010-0171",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0171"
},
{
"name": "http://secunia.com/secunia_research/2009-61/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-61/"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-03.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-03.html"
}
]
}
}

140
2009/4xxx/CVE-2009-4559.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with \"administer content types\" privileges, to inject arbitrary web script or HTML via an input string for \"submitted by\" text."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/520372",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/520372"
},
{
"name" : "35708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35708"
},
{
"name" : "submittedby-unspecified-xss(51788)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51788"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with \"administer content types\" privileges, to inject arbitrary web script or HTML via an input string for \"submitted by\" text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "submittedby-unspecified-xss(51788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51788"
},
{
"name": "35708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35708"
},
{
"name": "http://drupal.org/node/520372",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/520372"
}
]
}
}

190
2009/4xxx/CVE-2009-4939.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4939",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4939",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090527 [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503855/100/0/threaded"
},
{
"name" : "20090528 Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503911/100/0/threaded"
},
{
"name" : "8818",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8818"
},
{
"name" : "http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html"
},
{
"name" : "54790",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54790"
},
{
"name" : "35262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35262"
},
{
"name" : "adpeeps-fields-xss(50824)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50824"
},
{
"name" : "adpeeps-index-xss(50823)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50823"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in AdPeeps 8.5d1 allow remote attackers to inject arbitrary web script or HTML via the (1) uid parameter, (2) uid parameter in a login_lookup action, (3) uid parameter in an adminlogin action, (4) campaignid parameter in a createcampaign action, (5) type parameter in a view_account_stats action, (6) period parameter in a view_account_stats action, (7) uid parameter in a view_adrates action, (8) accname parameter in an account_confirmation action, (9) loginpass parameter in an account_confirmation action, (10) e9 parameter in a setup_account action, (11) from parameter in an email_advertisers action, (12) message parameter in an email_advertisers action, (13) idno parameter in an edit_ad_package action, (14) Advertiser Name field, (15) First Name field, (16) Last Name field, (17) Address field, (18) Phone Number field, (19) Password Hint field, or (20) URL field; and (21) allow remote authenticated users to inject arbitrary web script or HTML via an unspecified form associated with a view_adrates action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090527 [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503855/100/0/threaded"
},
{
"name": "adpeeps-fields-xss(50824)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50824"
},
{
"name": "http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html",
"refsource": "MISC",
"url": "http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html"
},
{
"name": "adpeeps-index-xss(50823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50823"
},
{
"name": "54790",
"refsource": "OSVDB",
"url": "http://osvdb.org/54790"
},
{
"name": "20090528 Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503911/100/0/threaded"
},
{
"name": "8818",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8818"
},
{
"name": "35262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35262"
}
]
}
}

480
2015/0xxx/CVE-2015-0480.json
View File

@ -1,242 +1,242 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0480",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0480",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0158.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0158.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name" : "DSA-3234",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3234"
},
{
"name" : "DSA-3235",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3235"
},
{
"name" : "DSA-3316",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3316"
},
{
"name" : "GLSA-201603-11",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-11"
},
{
"name" : "MDVSA-2015:212",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212"
},
{
"name" : "RHSA-2015:0806",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0806.html"
},
{
"name" : "RHSA-2015:0807",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0807.html"
},
{
"name" : "RHSA-2015:0808",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0808.html"
},
{
"name" : "RHSA-2015:0809",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0809.html"
},
{
"name" : "RHSA-2015:1006",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"name" : "RHSA-2015:1007",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name" : "RHSA-2015:1020",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name" : "RHSA-2015:1021",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"name" : "RHSA-2015:1091",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"name" : "RHSA-2015:0854",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0854.html"
},
{
"name" : "RHSA-2015:0857",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0857.html"
},
{
"name" : "RHSA-2015:0858",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0858.html"
},
{
"name" : "openSUSE-SU-2015:0773",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html"
},
{
"name" : "openSUSE-SU-2015:0774",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html"
},
{
"name" : "SUSE-SU-2015:0833",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html"
},
{
"name" : "SUSE-SU-2016:0113",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
},
{
"name" : "SUSE-SU-2015:2166",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"name" : "SUSE-SU-2015:2168",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
},
{
"name" : "SUSE-SU-2015:2182",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
},
{
"name" : "SUSE-SU-2015:2192",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"name" : "SUSE-SU-2015:2216",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
},
{
"name" : "SUSE-SU-2015:1085",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"name" : "SUSE-SU-2015:1086",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name" : "SUSE-SU-2015:1138",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name" : "SUSE-SU-2015:1161",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"name" : "USN-2573-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2573-1"
},
{
"name" : "USN-2574-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2574-1"
},
{
"name" : "74104",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74104"
},
{
"name" : "1032120",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032120"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and 8u40 allows remote attackers to affect integrity and availability via unknown vectors related to Tools."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0857",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0857.html"
},
{
"name": "DSA-3235",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3235"
},
{
"name": "RHSA-2015:1007",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1007.html"
},
{
"name": "SUSE-SU-2015:2182",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00003.html"
},
{
"name": "RHSA-2015:0806",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0806.html"
},
{
"name": "RHSA-2015:1006",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1006.html"
},
{
"name": "SUSE-SU-2015:2192",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00004.html"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0158.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0158.html"
},
{
"name": "SUSE-SU-2015:0833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00002.html"
},
{
"name": "MDVSA-2015:212",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:212"
},
{
"name": "74104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74104"
},
{
"name": "RHSA-2015:1091",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1091.html"
},
{
"name": "DSA-3316",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3316"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "SUSE-SU-2015:2166",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00000.html"
},
{
"name": "1032120",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032120"
},
{
"name": "GLSA-201603-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-11"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21883640"
},
{
"name": "openSUSE-SU-2015:0773",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00017.html"
},
{
"name": "SUSE-SU-2015:1138",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00022.html"
},
{
"name": "DSA-3234",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3234"
},
{
"name": "USN-2573-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2573-1"
},
{
"name": "SUSE-SU-2015:2216",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00006.html"
},
{
"name": "RHSA-2015:1020",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1020.html"
},
{
"name": "RHSA-2015:0807",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0807.html"
},
{
"name": "SUSE-SU-2015:1086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00015.html"
},
{
"name": "SUSE-SU-2015:2168",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00001.html"
},
{
"name": "SUSE-SU-2015:1085",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00014.html"
},
{
"name": "RHSA-2015:0858",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0858.html"
},
{
"name": "RHSA-2015:1021",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1021.html"
},
{
"name": "RHSA-2015:0808",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0808.html"
},
{
"name": "USN-2574-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2574-1"
},
{
"name": "RHSA-2015:0809",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0809.html"
},
{
"name": "openSUSE-SU-2015:0774",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00018.html"
},
{
"name": "SUSE-SU-2015:1161",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00031.html"
},
{
"name": "RHSA-2015:0854",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0854.html"
},
{
"name": "SUSE-SU-2016:0113",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00005.html"
}
]
}
}

180
2015/0xxx/CVE-2015-0514.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150120 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"name" : "20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534923/100/0/threaded"
},
{
"name" : "20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Mar/112"
},
{
"name" : "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html",
"refsource" : "MISC",
"url" : "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html"
},
{
"name" : "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html"
},
{
"name" : "72257",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72257"
},
{
"name" : "1031567",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031567"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20141101/emc_m_r__watch4net__data_storage_collector_credentials_are_not_properly_protected.html"
},
{
"name": "1031567",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031567"
},
{
"name": "20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534923/100/0/threaded"
},
{
"name": "20150318 EMC M&R (Watch4net) data storage collector credentials are not properly protected",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/112"
},
{
"name": "20150120 ESA-2015-004: EMC M&R (Watch4Net) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-01/0092.html"
},
{
"name": "72257",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72257"
},
{
"name": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130910/EMC-M-R-Watch4net-Insecure-Credential-Storage.html"
}
]
}
}

150
2015/0xxx/CVE-2015-0593.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37417",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37417"
},
{
"name" : "20150209 Cisco IOS Software Zone-Based Firewall Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0593"
},
{
"name" : "72549",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72549"
},
{
"name" : "ciscoios-cve20150593-dos(100757)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100757"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted network traffic, aka Bug ID CSCul65003."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37417",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37417"
},
{
"name": "20150209 Cisco IOS Software Zone-Based Firewall Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0593"
},
{
"name": "ciscoios-cve20150593-dos(100757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100757"
},
{
"name": "72549",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72549"
}
]
}
}

160
2015/0xxx/CVE-2015-0608.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37421",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37421"
},
{
"name" : "20150210 Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0608"
},
{
"name" : "72566",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72566"
},
{
"name" : "1031731",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031731"
},
{
"name" : "ciscoios-cve20150608-dos(100808)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100808"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers improper handling of the timing of process switching and Cisco Express Forwarding (CEF) switching, aka Bug ID CSCul48736."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150210 Cisco IOS Measurement, Aggregation, and Correlation Engine Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0608"
},
{
"name": "72566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72566"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37421",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37421"
},
{
"name": "ciscoios-cve20150608-dos(100808)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100808"
},
{
"name": "1031731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031731"
}
]
}
}

34
2015/1xxx/CVE-2015-1466.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1466",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1466",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2015/1xxx/CVE-2015-1859.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1859",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
"refsource" : "MLIST",
"url" : "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"name" : "FEDORA-2015-6114",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"name" : "FEDORA-2015-6123",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"name" : "FEDORA-2015-6252",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
},
{
"name" : "FEDORA-2015-6315",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"name" : "FEDORA-2015-6364",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"name" : "GLSA-201603-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-10"
},
{
"name" : "USN-2626-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name" : "74307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74307"
},
{
"name" : "74310",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp in the QtBase module in Qt before 4.8.7 and 5.x before 5.4.2 allow remote attackers to cause a denial of service (segmentation fault and crash) and possibly execute arbitrary code via a crafted ICO image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-6114",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155424.html"
},
{
"name": "74307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74307"
},
{
"name": "FEDORA-2015-6123",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155927.html"
},
{
"name": "74310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74310"
},
{
"name": "GLSA-201603-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-10"
},
{
"name": "FEDORA-2015-6315",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155962.html"
},
{
"name": "FEDORA-2015-6364",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155976.html"
},
{
"name": "USN-2626-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2626-1"
},
{
"name": "[Announce] 20150413 Qt Project Security Advisory - Multiple Vulnerabilities in Qt Image Format Handling",
"refsource": "MLIST",
"url": "http://lists.qt-project.org/pipermail/announce/2015-April/000067.html"
},
{
"name": "FEDORA-2015-6252",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156727.html"
}
]
}
}

34
2015/1xxx/CVE-2015-1869.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1869",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1869",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2015/4xxx/CVE-2015-4116.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.htbridge.com/advisory/HTB23262",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23262"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1"
},
{
"name" : "http://php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-5.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=69737",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=69737"
},
{
"name" : "openSUSE-SU-2016:1524",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote attackers to execute arbitrary code by triggering a failed SplMinHeap::compare operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2016:1524",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-06/msg00027.html"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=1cbd25ca15383394ffa9ee8601c5de4c0f2f90e1"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "https://www.htbridge.com/advisory/HTB23262",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23262"
},
{
"name": "https://bugs.php.net/bug.php?id=69737",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69737"
}
]
}
}

120
2015/4xxx/CVE-2015-4288.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-4288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150724 Multiple Cisco Products LDAP Server SSL Certificate Validation Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=40137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150724 Multiple Cisco Products LDAP Server SSL Certificate Validation Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=40137"
}
]
}
}

160
2015/4xxx/CVE-2015-4382.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4382",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name" : "https://www.drupal.org/node/2459337",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2459337"
},
{
"name" : "https://www.drupal.org/node/2474135",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2474135"
},
{
"name" : "https://www.drupal.org/node/2474139",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2474139"
},
{
"name" : "74345",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74345"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Invoice module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allow remote attackers to hijack the authentication of arbitrary users for requests that (1) create, (2) delete, or (3) alter invoices via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2459337",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2459337"
},
{
"name": "https://www.drupal.org/node/2474135",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2474135"
},
{
"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name": "https://www.drupal.org/node/2474139",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2474139"
},
{
"name": "74345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74345"
}
]
}
}

260
2015/4xxx/CVE-2015-4501.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4501",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-4501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-96.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-96.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1165706",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1165706"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1186657",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1186657"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "SUSE-SU-2015:2081",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name" : "openSUSE-SU-2015:1658",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
},
{
"name" : "SUSE-SU-2015:1680",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html"
},
{
"name" : "openSUSE-SU-2015:1681",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name" : "SUSE-SU-2015:1703",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html"
},
{
"name" : "USN-2743-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-4"
},
{
"name" : "USN-2743-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-1"
},
{
"name" : "USN-2743-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-2"
},
{
"name" : "USN-2743-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-3"
},
{
"name" : "76816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76816"
},
{
"name" : "1033640",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033640"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 41.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:1680",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html"
},
{
"name": "SUSE-SU-2015:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "openSUSE-SU-2015:1681",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name": "USN-2743-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-4"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-96.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-96.html"
},
{
"name": "USN-2743-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-3"
},
{
"name": "USN-2743-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-2"
},
{
"name": "1033640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033640"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1165706",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1165706"
},
{
"name": "76816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76816"
},
{
"name": "SUSE-SU-2015:1703",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html"
},
{
"name": "openSUSE-SU-2015:1658",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
},
{
"name": "USN-2743-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186657",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1186657"
}
]
}
}

140
2015/4xxx/CVE-2015-4552.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://adrianhayter.com/exploits.php",
"refsource" : "MISC",
"url" : "http://adrianhayter.com/exploits.php"
},
{
"name" : "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/",
"refsource" : "CONFIRM",
"url" : "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/"
},
{
"name" : "1033471",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033471"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the quick edit function in xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the content of a post."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033471",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033471"
},
{
"name": "http://adrianhayter.com/exploits.php",
"refsource": "MISC",
"url": "http://adrianhayter.com/exploits.php"
},
{
"name": "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/",
"refsource": "CONFIRM",
"url": "http://blog.mybb.com/2015/05/27/mybb-1-8-5-1-6-17-merge-system-1-8-5-release/"
}
]
}
}

160
2015/4xxx/CVE-2015-4703.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150623 Arbitrary File download in wordpress plugin wp-instance-rename v1.0",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/06/23/5"
},
{
"name" : "http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html"
},
{
"name" : "http://www.vapid.dhs.org/advisory.php?v=127",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisory.php?v=127"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8055",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8055"
},
{
"name" : "75394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75394"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in mysqldump_download.php in the WordPress Rename plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a full pathname in the dumpfname parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisory.php?v=127",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=127"
},
{
"name": "[oss-security] 20150623 Arbitrary File download in wordpress plugin wp-instance-rename v1.0",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/23/5"
},
{
"name": "75394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75394"
},
{
"name": "http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132460/WordPress-WP-Instance-Rename-1.0-File-Download.html"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8055",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8055"
}
]
}
}

130
2015/5xxx/CVE-2015-5362.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5362",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10690",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10690"
},
{
"name" : "1032844",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032844"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, 12.3 before 12.3R10, 12.3X48 before 12.3X48-D15, 13.2 before 13.2R8, 13.3 before 13.3R6, 14.1 before 14.1R5, 14.1X50 before 14.1X50-D85, 14.1X55 before 14.1X55-D20, 14.2 before 14.2R3, 15.1 before 15.1R1, and 15.1X49 before 15.1X49-D10 allows remote attackers to cause a denial of service (bfdd crash and restart) or execute arbitrary code via a crafted BFD packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10690",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10690"
},
{
"name": "1032844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032844"
}
]
}
}

34
2015/5xxx/CVE-2015-5543.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5543",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5543",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

34
2018/2xxx/CVE-2018-2336.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2336",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2336",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

356
2018/2xxx/CVE-2018-2641.json
View File

@ -1,180 +1,180 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2641",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 6u171"
},
{
"version_affected" : "=",
"version_value" : "7u161"
},
{
"version_affected" : "=",
"version_value" : "8u152"
},
{
"version_affected" : "=",
"version_value" : "9.0.1; Java SE Embedded: 8u151"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 6u171"
},
{
"version_affected": "=",
"version_value": "7u161"
},
{
"version_affected": "=",
"version_value": "8u152"
},
{
"version_affected": "=",
"version_value": "9.0.1; Java SE Embedded: 8u151"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180117-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
},
{
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource" : "CONFIRM",
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"
},
{
"name" : "DSA-4144",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4144"
},
{
"name" : "DSA-4166",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4166"
},
{
"name" : "RHSA-2018:0095",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0095"
},
{
"name" : "RHSA-2018:0099",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0099"
},
{
"name" : "RHSA-2018:0100",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0100"
},
{
"name" : "RHSA-2018:0115",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0115"
},
{
"name" : "RHSA-2018:0349",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0349"
},
{
"name" : "RHSA-2018:0351",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0351"
},
{
"name" : "RHSA-2018:0352",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0352"
},
{
"name" : "RHSA-2018:0458",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0458"
},
{
"name" : "RHSA-2018:0521",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0521"
},
{
"name" : "RHSA-2018:1463",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1463"
},
{
"name" : "RHSA-2018:1812",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1812"
},
{
"name" : "USN-3613-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3613-1/"
},
{
"name" : "USN-3614-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3614-1/"
},
{
"name" : "102605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102605"
},
{
"name" : "1040203",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040203"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 6.1 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0351",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0351"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
},
{
"name": "USN-3614-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3614-1/"
},
{
"name": "DSA-4166",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4166"
},
{
"name": "RHSA-2018:0095",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0095"
},
{
"name": "DSA-4144",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4144"
},
{
"name": "RHSA-2018:0521",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0521"
},
{
"name": "RHSA-2018:0352",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0352"
},
{
"name": "RHSA-2018:0115",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0115"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
},
{
"name": "RHSA-2018:1812",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1812"
},
{
"name": "102605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102605"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"
},
{
"name": "RHSA-2018:0099",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0099"
},
{
"name": "RHSA-2018:1463",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1463"
},
{
"name": "RHSA-2018:0458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0458"
},
{
"name": "RHSA-2018:0349",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0349"
},
{
"name": "1040203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040203"
},
{
"name": "USN-3613-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3613-1/"
},
{
"name": "RHSA-2018:0100",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0100"
}
]
}
}

182
2018/2xxx/CVE-2018-2996.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Applications Manager",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
},
{
"version_affected" : "=",
"version_value" : "12.2.7"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Applications Manager",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected": "=",
"version_value": "12.2.6"
},
{
"version_affected": "=",
"version_value": "12.2.7"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104837",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104837"
},
{
"name" : "1041309",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041309"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: Oracle Diagnostics Interfaces). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data. CVSS 3.0 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Manager accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104837",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104837"
},
{
"name": "1041309",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041309"
}
]
}
}

142
2018/3xxx/CVE-2018-3096.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104762"
},
{
"name" : "1041310",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104762"
},
{
"name": "1041310",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041310"
}
]
}
}

34
2018/3xxx/CVE-2018-3436.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3436",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3436",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3438.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3438",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3438",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/6xxx/CVE-2018-6331.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@fb.com",
"DATE_ASSIGNED" : "2018-03-26",
"ID" : "CVE-2018-6331",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Buck",
"version" : {
"version_data" : [
{
"version_affected" : "!=>",
"version_value" : "v2018.06.25.01"
},
{
"version_affected" : "<=",
"version_value" : "v2018.06.25.01"
}
]
}
}
]
},
"vendor_name" : "Facebook"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Deserialization of Untrusted Data (CWE-502)"
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-03-26",
"ID": "CVE-2018-6331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Buck",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "v2018.06.25.01"
},
{
"version_affected": "<=",
"version_value": "v2018.06.25.01"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/facebook/buck/commit/8c5500981812564877bd122c0f8fab48d3528ddf",
"refsource" : "MISC",
"url" : "https://github.com/facebook/buck/commit/8c5500981812564877bd122c0f8fab48d3528ddf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buck parser-cache command loads/saves state using Java serialized object. If the state information is maliciously crafted, deserializing it could lead to code execution. This issue affects Buck versions prior to v2018.06.25.01."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of Untrusted Data (CWE-502)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/buck/commit/8c5500981812564877bd122c0f8fab48d3528ddf",
"refsource": "MISC",
"url": "https://github.com/facebook/buck/commit/8c5500981812564877bd122c0f8fab48d3528ddf"
}
]
}
}

34
2018/6xxx/CVE-2018-6351.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6351",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6351",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/6xxx/CVE-2018-6369.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6369",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6369",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/6xxx/CVE-2018-6397.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6397",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6397",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43931",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43931/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43931",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43931/"
}
]
}
}

120
2018/7xxx/CVE-2018-7104.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"ID" : "CVE-2018-7104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HPE Intelligent Management Center (iMC) Wireless Services Manager Software",
"version" : {
"version_data" : [
{
"version_value" : "Prior to IMC WSM 7.3 E0506P02"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Intelligent Management Center (iMC) Wireless Services Manager Software",
"version": {
"version_data": [
{
"version_value": "Prior to IMC WSM 7.3 E0506P02"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Remote Code Execution vulnerability was identified in HPE Intelligent Management Center (iMC) Wireless Services Manager Software earlier than version IMC WSM 7.3 E0506P02."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03893en_us"
}
]
}
}

138
2018/7xxx/CVE-2018-7162.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-request@iojs.org",
"DATE_PUBLIC" : "2018-06-12T00:00:00",
"ID" : "CVE-2018-7162",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Node.js",
"version" : {
"version_data" : [
{
"version_value" : "9.x+"
},
{
"version_value" : "10.x+"
}
]
}
}
]
},
"vendor_name" : "The Node.js Project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "cve-request@iojs.org",
"DATE_PUBLIC": "2018-06-12T00:00:00",
"ID": "CVE-2018-7162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Node.js",
"version": {
"version_data": [
{
"version_value": "9.x+"
},
{
"version_value": "10.x+"
}
]
}
}
]
},
"vendor_name": "The Node.js Project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
"refsource" : "CONFIRM",
"url" : "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
},
{
"name" : "104468",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104468"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/",
"refsource": "CONFIRM",
"url": "https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/"
},
{
"name": "104468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104468"
}
]
}
}

120
2018/7xxx/CVE-2018-7219.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://foreversong.cn/archives/1081",
"refsource" : "MISC",
"url" : "http://foreversong.cn/archives/1081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as demonstrated by changing an admin password or adding an account via a public/index.php/admin/admin/edit.html request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://foreversong.cn/archives/1081",
"refsource": "MISC",
"url": "http://foreversong.cn/archives/1081"
}
]
}
}

130
2018/7xxx/CVE-2018-7589.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/dtschump/CImg/issues/184",
"refsource" : "MISC",
"url" : "https://github.com/dtschump/CImg/issues/184"
},
{
"name" : "https://github.com/xiaoqx/pocs/tree/master/cimg",
"refsource" : "MISC",
"url" : "https://github.com/xiaoqx/pocs/tree/master/cimg"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in CImg v.220. A double free in load_bmp in CImg.h occurs when loading a crafted bmp image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dtschump/CImg/issues/184",
"refsource": "MISC",
"url": "https://github.com/dtschump/CImg/issues/184"
},
{
"name": "https://github.com/xiaoqx/pocs/tree/master/cimg",
"refsource": "MISC",
"url": "https://github.com/xiaoqx/pocs/tree/master/cimg"
}
]
}
}

34
2018/7xxx/CVE-2018-7828.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7828",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7828",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7879.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7879",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7879",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}