admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:31:15 +00:00
parent fc9300bd6a
commit 128269fbee
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 4036 additions and 4036 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2002/2xxx/CVE-2002-2169.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV=\"refresh\" tag to an aim: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020716 AIM forced behavior \"issue\"",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/282443"
},
{
"name" : "http://www.mindflip.org/aim.html",
"refsource" : "MISC",
"url" : "http://www.mindflip.org/aim.html"
},
{
"name" : "aim-http-refresh-functions(9616)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9616.php"
},
{
"name" : "5246",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5246"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV=\"refresh\" tag to an aim: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "aim-http-refresh-functions(9616)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9616.php"
},
{
"name": "http://www.mindflip.org/aim.html",
"refsource": "MISC",
"url": "http://www.mindflip.org/aim.html"
},
{
"name": "20020716 AIM forced behavior \"issue\"",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/282443"
},
{
"name": "5246",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5246"
}
]
}
}

128
2005/0xxx/CVE-2005-0476.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050217 hpm_guestbook.cgi JavaScript-Injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110869187805397&w=2"
},
{
"name" : "hpm-guestbook-xss(19372)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19372"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050217 hpm_guestbook.cgi JavaScript-Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110869187805397&w=2"
},
{
"name": "hpm-guestbook-xss(19372)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19372"
}
]
}
}

138
2005/1xxx/CVE-2005-1037.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IY68825",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY68825&apar=only"
},
{
"name" : "http://www.niscc.gov.uk/niscc/docs/br-20050405-00278.html?lang=en",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/br-20050405-00278.html?lang=en"
},
{
"name" : "14856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14856"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IY68825",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY68825&apar=only"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/br-20050405-00278.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/br-20050405-00278.html?lang=en"
},
{
"name": "14856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14856"
}
]
}
}

118
2005/1xxx/CVE-2005-1300.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050425 remote command execution in inserter.cgi script",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111444807013846&w=2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050425 remote command execution in inserter.cgi script",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111444807013846&w=2"
}
]
}
}

178
2005/1xxx/CVE-2005-1344.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.lucaercoli.it/advs/htdigest.txt",
"refsource" : "MISC",
"url" : "http://www.lucaercoli.it/advs/htdigest.txt"
},
{
"name" : "APPLE-SA-2005-05-03",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
},
{
"name" : "APPLE-SA-2005-08-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name" : "APPLE-SA-2005-08-17",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name" : "http://www.securiteam.com/unixfocus/5EP061FEKC.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/unixfocus/5EP061FEKC.html"
},
{
"name" : "13537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13537"
},
{
"name" : "12848",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12848"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-05-03",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
},
{
"name": "http://www.lucaercoli.it/advs/htdigest.txt",
"refsource": "MISC",
"url": "http://www.lucaercoli.it/advs/htdigest.txt"
},
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "12848",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12848"
},
{
"name": "http://www.securiteam.com/unixfocus/5EP061FEKC.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/unixfocus/5EP061FEKC.html"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "13537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13537"
}
]
}
}

138
2005/1xxx/CVE-2005-1771.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX01165",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=111713178014478&w=2"
},
{
"name" : "SSRT5899",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=111713178014478&w=2"
},
{
"name" : "1014060",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014060"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 allows remote attackers to gain unauthorized access, possibly involving remshd and/or telnet -t."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014060",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014060"
},
{
"name": "HPSBUX01165",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=111713178014478&w=2"
},
{
"name": "SSRT5899",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=111713178014478&w=2"
}
]
}
}

158
2005/1xxx/CVE-2005-1976.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm"
},
{
"name" : "14005",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14005"
},
{
"name" : "17456",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17456"
},
{
"name" : "1014251",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014251"
},
{
"name" : "15763",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15763"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14005",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14005"
},
{
"name": "15763",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15763"
},
{
"name": "17456",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17456"
},
{
"name": "1014251",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014251"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098022.htm"
}
]
}
}

138
2005/4xxx/CVE-2005-4138.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4138",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051207 BUGTRAQ:20051207 [KAPDA::#15] - ThWboard multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418837/100/0/threaded"
},
{
"name" : "http://kapda.ir/advisory-149.html",
"refsource" : "MISC",
"url" : "http://kapda.ir/advisory-149.html"
},
{
"name" : "15763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15763"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before 3 Beta 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) Wohnort and (2) Beruf fields in editprofile.php, (3) user parameter array in v_profile.php, and (4) the action parameter in misc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://kapda.ir/advisory-149.html",
"refsource": "MISC",
"url": "http://kapda.ir/advisory-149.html"
},
{
"name": "15763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15763"
},
{
"name": "20051207 BUGTRAQ:20051207 [KAPDA::#15] - ThWboard multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418837/100/0/threaded"
}
]
}
}

188
2005/4xxx/CVE-2005-4444.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4444",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4444",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051220 Secunia Research: Pegasus Mail Buffer Overflow and Off-by-OneVulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419908/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2005-61/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-61/advisory/"
},
{
"name" : "http://www.pmail.com/newsflash.htm#secunia",
"refsource" : "CONFIRM",
"url" : "http://www.pmail.com/newsflash.htm#secunia"
},
{
"name" : "15973",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15973"
},
{
"name" : "ADV-2005-3004",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3004"
},
{
"name" : "21842",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21842"
},
{
"name" : "1015385",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015385"
},
{
"name" : "17992",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17992"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21842",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21842"
},
{
"name": "ADV-2005-3004",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3004"
},
{
"name": "http://secunia.com/secunia_research/2005-61/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-61/advisory/"
},
{
"name": "20051220 Secunia Research: Pegasus Mail Buffer Overflow and Off-by-OneVulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419908/100/0/threaded"
},
{
"name": "1015385",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015385"
},
{
"name": "17992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17992"
},
{
"name": "15973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15973"
},
{
"name": "http://www.pmail.com/newsflash.htm#secunia",
"refsource": "CONFIRM",
"url": "http://www.pmail.com/newsflash.htm#secunia"
}
]
}
}

168
2005/4xxx/CVE-2005-4666.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://phlymail.de/forum/viewtopic.php?t=842",
"refsource" : "CONFIRM",
"url" : "http://phlymail.de/forum/viewtopic.php?t=842"
},
{
"name" : "16310",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16310"
},
{
"name" : "ADV-2006-0261",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0261"
},
{
"name" : "20975",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20975"
},
{
"name" : "18536",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18536"
},
{
"name" : "phlymail-unknown-xss(24237)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24237"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20975",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20975"
},
{
"name": "phlymail-unknown-xss(24237)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24237"
},
{
"name": "16310",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16310"
},
{
"name": "18536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18536"
},
{
"name": "ADV-2006-0261",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0261"
},
{
"name": "http://phlymail.de/forum/viewtopic.php?t=842",
"refsource": "CONFIRM",
"url": "http://phlymail.de/forum/viewtopic.php?t=842"
}
]
}
}

188
2005/4xxx/CVE-2005-4832.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050418 [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/396133"
},
{
"name" : "20050711 Re: Problems with the Oracle Critical Patch Update for April 2005",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/404970"
},
{
"name" : "http://www.appsecinc.com/resources/alerts/oracle/2005-02.html",
"refsource" : "MISC",
"url" : "http://www.appsecinc.com/resources/alerts/oracle/2005-02.html"
},
{
"name" : "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt",
"refsource" : "MISC",
"url" : "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt"
},
{
"name" : "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql",
"refsource" : "MISC",
"url" : "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql"
},
{
"name" : "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
},
{
"name" : "13236",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13236"
},
{
"name" : "oracle-subscriptionname-sql-injection(20159)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20159"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050418 [AppSecInc Team SHATTER Security Advisory] Multiple SQL Injection vulnerabilities in DBMS_CDC_SUBSCRIBE and DBMS_CDC_ISUBSCRIBE packages",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/396133"
},
{
"name": "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql",
"refsource": "MISC",
"url": "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEWorkaround.sql"
},
{
"name": "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt",
"refsource": "MISC",
"url": "http://www.argeniss.com/research/OraDBMS_CDC_SUBSCRIBEExploit.txt"
},
{
"name": "http://www.appsecinc.com/resources/alerts/oracle/2005-02.html",
"refsource": "MISC",
"url": "http://www.appsecinc.com/resources/alerts/oracle/2005-02.html"
},
{
"name": "20050711 Re: Problems with the Oracle Critical Patch Update for April 2005",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/404970"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
},
{
"name": "13236",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13236"
},
{
"name": "oracle-subscriptionname-sql-injection(20159)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20159"
}
]
}
}

128
2005/4xxx/CVE-2005-4855.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0",
"refsource" : "CONFIRM",
"url" : "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0"
},
{
"name" : "http://issues.ez.no/5984",
"refsource" : "CONFIRM",
"url" : "http://issues.ez.no/5984"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0",
"refsource": "CONFIRM",
"url": "http://ez.no/download/ez_publish/changelogs/ez_publish_3_8/changelog_3_6_x_3_7_x_to_3_8_0"
},
{
"name": "http://issues.ez.no/5984",
"refsource": "CONFIRM",
"url": "http://issues.ez.no/5984"
}
]
}
}

138
2005/4xxx/CVE-2005-4874.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4874",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=297078"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=302489"
},
{
"name" : "mozilla-xmlhttprequest-info-disclosure(41553)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a \"Max-Forwards: 0\" header or (2) arbitrary local passwords on the web server that hosts this object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=297078"
},
{
"name": "mozilla-xmlhttprequest-info-disclosure(41553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41553"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=302489"
}
]
}
}

208
2009/0xxx/CVE-2009-0282.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090118 Ralinktech wireless cards drivers vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500168/100/0/threaded"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995"
},
{
"name" : "DSA-1712",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1712"
},
{
"name" : "DSA-1713",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1713"
},
{
"name" : "DSA-1714",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1714"
},
{
"name" : "GLSA-200907-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-08.xml"
},
{
"name" : "33340",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33340"
},
{
"name" : "33592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33592"
},
{
"name" : "33699",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33699"
},
{
"name" : "35743",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35743"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33592"
},
{
"name": "20090118 Ralinktech wireless cards drivers vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500168/100/0/threaded"
},
{
"name": "DSA-1714",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1714"
},
{
"name": "33340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33340"
},
{
"name": "DSA-1712",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1712"
},
{
"name": "DSA-1713",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1713"
},
{
"name": "33699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33699"
},
{
"name": "35743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35743"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512995"
},
{
"name": "GLSA-200907-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-08.xml"
}
]
}
}

138
2009/0xxx/CVE-2009-0310.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to \"incoming data and authentication-strings.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SUSE-SR:2009:004",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name" : "33794",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33794"
},
{
"name" : "suse-blinux-bo(48797)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48797"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through 11.0 has unknown impact and attack vectors related to \"incoming data and authentication-strings.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33794",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33794"
},
{
"name": "SUSE-SR:2009:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html"
},
{
"name": "suse-blinux-bo(48797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48797"
}
]
}
}

208
2009/0xxx/CVE-2009-0414.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[or-announce] 20090122 Tor 0.2.0.33 is released",
"refsource" : "MLIST",
"url" : "http://archives.seul.org/or/announce/Jan-2009/msg00000.html"
},
{
"name" : "http://blog.torproject.org/blog/tor-0.2.0.33-stable-released",
"refsource" : "CONFIRM",
"url" : "http://blog.torproject.org/blog/tor-0.2.0.33-stable-released"
},
{
"name" : "FEDORA-2009-0897",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00902.html"
},
{
"name" : "GLSA-200904-11",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200904-11.xml"
},
{
"name" : "33399",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33399"
},
{
"name" : "34583",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34583"
},
{
"name" : "ADV-2009-0210",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0210"
},
{
"name" : "1021633",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021633"
},
{
"name" : "33635",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33635"
},
{
"name" : "33677",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33677"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0210",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0210"
},
{
"name": "34583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34583"
},
{
"name": "[or-announce] 20090122 Tor 0.2.0.33 is released",
"refsource": "MLIST",
"url": "http://archives.seul.org/or/announce/Jan-2009/msg00000.html"
},
{
"name": "33677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33677"
},
{
"name": "FEDORA-2009-0897",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00902.html"
},
{
"name": "33399",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33399"
},
{
"name": "33635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33635"
},
{
"name": "GLSA-200904-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-11.xml"
},
{
"name": "http://blog.torproject.org/blog/tor-0.2.0.33-stable-released",
"refsource": "CONFIRM",
"url": "http://blog.torproject.org/blog/tor-0.2.0.33-stable-released"
},
{
"name": "1021633",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021633"
}
]
}
}

228
2009/0xxx/CVE-2009-0544.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090207 CVE Request: pycrypto",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/02/07/1"
},
{
"name" : "[oss-security] 20090212 Re: CVE Request: pycrypto",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/02/12/5"
},
{
"name" : "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b",
"refsource" : "CONFIRM",
"url" : "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b"
},
{
"name" : "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d",
"refsource" : "CONFIRM",
"url" : "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d"
},
{
"name" : "GLSA-200903-11",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml"
},
{
"name" : "MDVSA-2009:049",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:049"
},
{
"name" : "MDVSA-2009:050",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:050"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "33674",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33674"
},
{
"name" : "34199",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34199"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
},
{
"name" : "pycrypto-arc2module-bo(48617)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48617"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2009:050",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:050"
},
{
"name": "pycrypto-arc2module-bo(48617)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48617"
},
{
"name": "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b",
"refsource": "CONFIRM",
"url": "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b"
},
{
"name": "MDVSA-2009:049",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:049"
},
{
"name": "[oss-security] 20090207 CVE Request: pycrypto",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/07/1"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d",
"refsource": "CONFIRM",
"url": "http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d"
},
{
"name": "34199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34199"
},
{
"name": "33674",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33674"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "[oss-security] 20090212 Re: CVE Request: pycrypto",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/5"
},
{
"name": "GLSA-200903-11",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml"
}
]
}
}

188
2009/0xxx/CVE-2009-0565.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0565",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka \"Word Buffer Overflow Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-027",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
},
{
"name" : "TA09-160A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name" : "35190",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35190"
},
{
"name" : "54960",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54960"
},
{
"name" : "oval:org.mitre.oval:def:6334",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334"
},
{
"name" : "1022356",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022356"
},
{
"name" : "8206",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/8206"
},
{
"name" : "ADV-2009-1546",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1546"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka \"Word Buffer Overflow Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54960",
"refsource": "OSVDB",
"url": "http://osvdb.org/54960"
},
{
"name": "8206",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/8206"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "1022356",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022356"
},
{
"name": "oval:org.mitre.oval:def:6334",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6334"
},
{
"name": "MS09-027",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-027"
},
{
"name": "ADV-2009-1546",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1546"
},
{
"name": "35190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35190"
}
]
}
}

138
2009/0xxx/CVE-2009-0679.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0679",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ravenphpscripts.com/postt17156.html",
"refsource" : "CONFIRM",
"url" : "http://ravenphpscripts.com/postt17156.html"
},
{
"name" : "52299",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52299"
},
{
"name" : "ravennuke-youraccount-xss(48978)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48978"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Your Account module in RavenNuke 2.30 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ravenphpscripts.com/postt17156.html",
"refsource": "CONFIRM",
"url": "http://ravenphpscripts.com/postt17156.html"
},
{
"name": "52299",
"refsource": "OSVDB",
"url": "http://osvdb.org/52299"
},
{
"name": "ravennuke-youraccount-xss(48978)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48978"
}
]
}
}

148
2009/0xxx/CVE-2009-0809.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HD80332",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1HD80332"
},
{
"name" : "33895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33895"
},
{
"name" : "34037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34037"
},
{
"name" : "ADV-2009-0525",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0525"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release 18 Service Pack 8, and possibly CATIA and other products, allows remote authenticated users to read the profile card of an object in the document class via a link that is sent from the owner of the document object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34037"
},
{
"name": "ADV-2009-0525",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0525"
},
{
"name": "HD80332",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1HD80332"
},
{
"name": "33895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33895"
}
]
}
}

148
2009/1xxx/CVE-2009-1064.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1064",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1064",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8257",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8257"
},
{
"name" : "http://www.waraxe.us/advisory-73.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-73.html"
},
{
"name" : "34200",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34200"
},
{
"name" : "orbitdownloader-activex-file-deletion(49353)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49353"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit Downloader 2.8.7 and earlier ActiveX control allows remote attackers to overwrite arbitrary files via whitespace and a command-line switch, followed by a full pathname, in the third argument to the download method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-73.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-73.html"
},
{
"name": "34200",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34200"
},
{
"name": "8257",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8257"
},
{
"name": "orbitdownloader-activex-file-deletion(49353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49353"
}
]
}
}

32
2009/1xxx/CVE-2009-1143.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1143",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1143",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

218
2009/1xxx/CVE-2009-1372.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1372",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1372",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032",
"refsource" : "CONFIRM",
"url" : "http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032"
},
{
"name" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553",
"refsource" : "CONFIRM",
"url" : "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553"
},
{
"name" : "http://support.apple.com/kb/HT3865",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3865"
},
{
"name" : "APPLE-SA-2009-09-10-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name" : "MDVSA-2009:097",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:097"
},
{
"name" : "34446",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34446"
},
{
"name" : "53603",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53603"
},
{
"name" : "1022028",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022028"
},
{
"name" : "34612",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34612"
},
{
"name" : "36701",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36701"
},
{
"name" : "ADV-2009-0985",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0985"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022028",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022028"
},
{
"name": "http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032"
},
{
"name": "MDVSA-2009:097",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:097"
},
{
"name": "34612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34612"
},
{
"name": "APPLE-SA-2009-09-10-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html"
},
{
"name": "ADV-2009-0985",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0985"
},
{
"name": "34446",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34446"
},
{
"name": "http://support.apple.com/kb/HT3865",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3865"
},
{
"name": "36701",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36701"
},
{
"name": "53603",
"refsource": "OSVDB",
"url": "http://osvdb.org/53603"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1553"
}
]
}
}

148
2009/1xxx/CVE-2009-1946.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1946",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8851",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8851"
},
{
"name" : "54832",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54832"
},
{
"name" : "35315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35315"
},
{
"name" : "adaptbb-latestposts-file-include(50893)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50893"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in latestposts.php in AdaptBB 1.0, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the forumspath parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8851",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8851"
},
{
"name": "adaptbb-latestposts-file-include(50893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50893"
},
{
"name": "54832",
"refsource": "OSVDB",
"url": "http://osvdb.org/54832"
},
{
"name": "35315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35315"
}
]
}
}

118
2009/3xxx/CVE-2009-3193.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9534",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9534"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9534",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9534"
}
]
}
}

148
2009/4xxx/CVE-2009-4810.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://trac.la-samhna.de/samhain/changeset/225",
"refsource" : "CONFIRM",
"url" : "http://trac.la-samhna.de/samhain/changeset/225"
},
{
"name" : "http://trac.la-samhna.de/samhain/ticket/150",
"refsource" : "CONFIRM",
"url" : "http://trac.la-samhna.de/samhain/ticket/150"
},
{
"name" : "34003",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34003"
},
{
"name" : "34104",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34104"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Secure Remote Password (SRP) implementation in Samhain before 2.5.4 does not check for a certain zero value where required by the protocol, which allows remote attackers to bypass authentication via crafted input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34104",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34104"
},
{
"name": "http://trac.la-samhna.de/samhain/ticket/150",
"refsource": "CONFIRM",
"url": "http://trac.la-samhna.de/samhain/ticket/150"
},
{
"name": "http://trac.la-samhna.de/samhain/changeset/225",
"refsource": "CONFIRM",
"url": "http://trac.la-samhna.de/samhain/changeset/225"
},
{
"name": "34003",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34003"
}
]
}
}

138
2009/4xxx/CVE-2009-4949.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/locator/1.2.8/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"name" : "34573",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34573"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34573"
},
{
"name": "http://typo3.org/extensions/repository/view/locator/1.2.8/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}

118
2009/5xxx/CVE-2009-5123.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5123",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (memory consumption) via a crafted compressed file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://personalfirewall.comodo.com/release_notes.html",
"refsource" : "CONFIRM",
"url" : "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Antivirus component in Comodo Internet Security before 3.11.108364.552 allows remote attackers to cause a denial of service (memory consumption) via a crafted compressed file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://personalfirewall.comodo.com/release_notes.html",
"refsource": "CONFIRM",
"url": "http://personalfirewall.comodo.com/release_notes.html"
}
]
}
}

32
2012/2xxx/CVE-2012-2272.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2272",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2272",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

248
2012/2xxx/CVE-2012-2737.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120628 accountsservice local file disclosure flaw (CVE-2012-2737)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/28/9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=832532",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=832532"
},
{
"name" : "http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5"
},
{
"name" : "http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69"
},
{
"name" : "http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d"
},
{
"name" : "http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721"
},
{
"name" : "FEDORA-2012-10120",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083359.html"
},
{
"name" : "openSUSE-SU-2012:0845",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/15100967"
},
{
"name" : "USN-1485-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1485-1"
},
{
"name" : "54223",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54223"
},
{
"name" : "83398",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/83398"
},
{
"name" : "49695",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49695"
},
{
"name" : "49759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49759"
},
{
"name" : "accountsservice-userchangeicon-info-disc(76648)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76648"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54223",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54223"
},
{
"name": "http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/accountsservice/commit/?id=bd51aa4cdac380f55d607f4ffdf2ab3c00d08721"
},
{
"name": "49695",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49695"
},
{
"name": "USN-1485-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1485-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=832532",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=832532"
},
{
"name": "49759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49759"
},
{
"name": "83398",
"refsource": "OSVDB",
"url": "http://osvdb.org/83398"
},
{
"name": "accountsservice-userchangeicon-info-disc(76648)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76648"
},
{
"name": "openSUSE-SU-2012:0845",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15100967"
},
{
"name": "http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/accountsservice/commit/?id=26213aa0e0d8dca5f36cc23f6942525224cbe9f5"
},
{
"name": "http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/accountsservice/commit/?id=27f3d93a82fde4f6c7ab54f3f008af04f93f9c69"
},
{
"name": "[oss-security] 20120628 accountsservice local file disclosure flaw (CVE-2012-2737)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/28/9"
},
{
"name": "FEDORA-2012-10120",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-July/083359.html"
},
{
"name": "http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/accountsservice/commit/?id=4c5b12e363410e490e776e4b4a86dcce157a543d"
}
]
}
}

188
2012/2xxx/CVE-2012-2829.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=129947",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=129947"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5502",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5502"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name" : "openSUSE-SU-2012:0813",
"refsource" : "SUSE",
"url" : "https://hermes.opensuse.org/messages/15075728"
},
{
"name" : "oval:org.mitre.oval:def:15144",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15144"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the :first-letter pseudo-element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name": "openSUSE-SU-2012:0813",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15075728"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=129947",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=129947"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "oval:org.mitre.oval:def:15144",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15144"
}
]
}
}

208
2012/3xxx/CVE-2012-3613.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5502",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5502"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2012-09-19-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name" : "55534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55534"
},
{
"name" : "85407",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85407"
},
{
"name" : "oval:org.mitre.oval:def:17224",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17224"
},
{
"name" : "apple-itunes-webkit-cve20123613(78523)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78523"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name": "85407",
"refsource": "OSVDB",
"url": "http://osvdb.org/85407"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "oval:org.mitre.oval:def:17224",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17224"
},
{
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "55534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55534"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "apple-itunes-webkit-cve20123613(78523)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78523"
}
]
}
}

32
2012/3xxx/CVE-2012-3906.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3906",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3906",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2012/6xxx/CVE-2012-6138.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6138",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, CVE-2012-6549. Reason: This candidate is a duplicate of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549. Notes: All CVE users should reference one or more of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6138",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, CVE-2012-6549. Reason: This candidate is a duplicate of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549. Notes: All CVE users should reference one or more of CVE-2012-6536, CVE-2012-6537, CVE-2012-6538, CVE-2012-6539, CVE-2012-6540, CVE-2012-6541, CVE-2012-6542, CVE-2012-6543, CVE-2012-6544, CVE-2012-6545, CVE-2012-6546, CVE-2012-6547, CVE-2012-6548, and CVE-2012-6549 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

32
2012/6xxx/CVE-2012-6444.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6444",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6444",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2012/6xxx/CVE-2012-6558.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://waleedassar.blogspot.com/2012/05/pe-explorer-heap-overflow-vulnerability.html",
"refsource" : "MISC",
"url" : "http://waleedassar.blogspot.com/2012/05/pe-explorer-heap-overflow-vulnerability.html"
},
{
"name" : "53618",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53618"
},
{
"name" : "49239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49239"
},
{
"name" : "pe-explorer-pe-bo(75742)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75742"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows remote attackers to execute arbitrary code via the size value for a string in the resource section of a Portable Executable (PE) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49239"
},
{
"name": "http://waleedassar.blogspot.com/2012/05/pe-explorer-heap-overflow-vulnerability.html",
"refsource": "MISC",
"url": "http://waleedassar.blogspot.com/2012/05/pe-explorer-heap-overflow-vulnerability.html"
},
{
"name": "pe-explorer-pe-bo(75742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75742"
},
{
"name": "53618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53618"
}
]
}
}

158
2015/5xxx/CVE-2015-5005.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an \"su root\" action by leveraging presence on the cluster-wide password-change list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc",
"refsource" : "CONFIRM",
"url" : "http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc"
},
{
"name" : "IV76943",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IV76943"
},
{
"name" : "IV76946",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IV76946"
},
{
"name" : "IV77007",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=isg1IV77007"
},
{
"name" : "76948",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76948"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote authenticated users to perform an \"su root\" action by leveraging presence on the cluster-wide password-change list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc",
"refsource": "CONFIRM",
"url": "http://aix.software.ibm.com/aix/efixes/security/powerha_advisory.asc"
},
{
"name": "IV76946",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV76946"
},
{
"name": "76948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76948"
},
{
"name": "IV77007",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV77007"
},
{
"name": "IV76943",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=isg1IV76943"
}
]
}
}

148
2015/5xxx/CVE-2015-5149.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5149",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37322",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37322/"
},
{
"name" : "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html"
},
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=1501",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=1501"
},
{
"name" : "75512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75512"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37322",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37322/"
},
{
"name": "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132376/ManageEngine-SupportCenter-Plus-7.90-XSS-Traversal-Password-Disclosure.html"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=1501",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=1501"
},
{
"name": "75512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75512"
}
]
}
}

158
2015/5xxx/CVE-2015-5177.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251064",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
},
{
"name" : "DSA-3353",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2015/dsa-3353"
},
{
"name" : "76635",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76635"
},
{
"name" : "1033719",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033719"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the SLPDKnownDAAdd function in slpd/slpd_knownda.c in OpenSLP 1.2.1 allows remote attackers to cause a denial of service (crash) via a crafted package."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/p/openslp/mercurial/ci/2bc15d0494f886d9c4fe342d23bc160605aea51d/"
},
{
"name": "DSA-3353",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2015/dsa-3353"
},
{
"name": "1033719",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033719"
},
{
"name": "76635",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76635"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251064"
}
]
}
}

148
2015/5xxx/CVE-2015-5315.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/11/10/10"
},
{
"name" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt",
"refsource" : "CONFIRM",
"url" : "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt"
},
{
"name" : "DSA-3397",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2015/dsa-3397"
},
{
"name" : "USN-2808-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2808-1"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6 does not validate that the reassembly buffer is large enough for the final fragment when EAP-pwd is enabled in a network configuration profile, which allows remote attackers to cause a denial of service (process termination) via a large final fragment in an EAP-pwd message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2808-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2808-1"
},
{
"name": "DSA-3397",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2015/dsa-3397"
},
{
"name": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt",
"refsource": "CONFIRM",
"url": "http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt"
},
{
"name": "[oss-security] 20151110 hostapd/wpa_supplicant: EAP-pwd missing last fragment length validation",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/10/10"
}
]
}
}

168
2015/5xxx/CVE-2015-5461.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5461",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5461",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150705 Open redirect vulnerability in StageShow Wordpress plugin v5.0.8",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jul/27"
},
{
"name" : "http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8073",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8073"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset/1165310/",
"refsource" : "CONFIRM",
"url" : "https://plugins.trac.wordpress.org/changeset/1165310/"
},
{
"name" : "https://wordpress.org/plugins/stageshow/changelog/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/stageshow/changelog/"
},
{
"name" : "75552",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75552"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Redirect function in stageshow_redirect.php in the StageShow plugin before 5.0.9 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/stageshow/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/stageshow/changelog/"
},
{
"name": "http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132553/WordPress-StageShow-5.0.8-Open-Redirect.html"
},
{
"name": "20150705 Open redirect vulnerability in StageShow Wordpress plugin v5.0.8",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/27"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8073",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8073"
},
{
"name": "75552",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75552"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1165310/",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1165310/"
}
]
}
}

158
2015/5xxx/CVE-2015-5465.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536370/100/0/threaded"
},
{
"name" : "38054",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/38054/"
},
{
"name" : "20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Sep/1"
},
{
"name" : "http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html"
},
{
"name" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt",
"refsource" : "MISC",
"url" : "https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536370/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133399/SiS-Windows-VGA-Display-Manager-Privilege-Escalation.html"
},
{
"name": "38054",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38054/"
},
{
"name": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt",
"refsource": "MISC",
"url": "https://www.korelogic.com/Resources/Advisories/KL-001-2015-003.txt"
},
{
"name": "20150901 KL-001-2015-003 : SiS Windows VGA Display Manager Multiple Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/1"
}
]
}
}

198
2015/5xxx/CVE-2015-5556.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "GLSA-201508-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201508-01"
},
{
"name" : "RHSA-2015:1603",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html"
},
{
"name" : "openSUSE-SU-2015:1781",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name" : "76288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76288"
},
{
"name" : "1033235",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033235"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "GLSA-201508-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201508-01"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "1033235",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033235"
},
{
"name": "76288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76288"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name": "RHSA-2015:1603",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html"
}
]
}
}

152
2018/11xxx/CVE-2018-11465.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"ID" : "CVE-2018-11465",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8",
"version" : {
"version_data" : [
{
"version_value" : "SINUMERIK 808D V4.7 : All versions"
},
{
"version_value" : "SINUMERIK 808D V4.8 : All versions"
},
{
"version_value" : "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1"
},
{
"version_value" : "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5"
},
{
"version_value" : "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-248: Uncaught Exception"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"ID": "CVE-2018-11465",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SINUMERIK 808D V4.7, SINUMERIK 808D V4.8, SINUMERIK 828D V4.7, SINUMERIK 840D sl V4.7, SINUMERIK 840D sl V4.8",
"version": {
"version_data": [
{
"version_value": "SINUMERIK 808D V4.7 : All versions"
},
{
"version_value": "SINUMERIK 808D V4.8 : All versions"
},
{
"version_value": "SINUMERIK 828D V4.7 : All versions < V4.7 SP6 HF1"
},
{
"version_value": "SINUMERIK 840D sl V4.7 : All versions < V4.7 SP6 HF5"
},
{
"version_value": "SINUMERIK 840D sl V4.8 : All versions < V4.8 SP3"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
},
{
"name" : "106185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106185"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SINUMERIK 808D V4.7 (All versions), SINUMERIK 808D V4.8 (All versions), SINUMERIK 828D V4.7 (All versions < V4.7 SP6 HF1), SINUMERIK 840D sl V4.7 (All versions < V4.7 SP6 HF5), SINUMERIK 840D sl V4.8 (All versions < V4.8 SP3). A local attacker could use ioctl calls to do out of bounds reads, arbitrary writes, or execute code in kernel mode. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise confidentiality, integrity and availability of the system. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-248: Uncaught Exception"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106185"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-170881.pdf"
}
]
}
}

128
2018/11xxx/CVE-2018-11710.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/",
"refsource" : "CONFIRM",
"url" : "https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/"
},
{
"name" : "https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150",
"refsource" : "CONFIRM",
"url" : "https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an invalid write near address 0 in an out-of-memory situation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/",
"refsource": "CONFIRM",
"url": "https://lib.openmpt.org/libopenmpt/2018/04/29/security-updates-0.3.9-0.2-beta32-0.2.7561-beta20.5-p9-0.2.7386-beta20.3-p12/"
},
{
"name": "https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150",
"refsource": "CONFIRM",
"url": "https://source.openmpt.org/browse/openmpt/trunk/?op=revision&rev=10149&peg=10150"
}
]
}
}

138
2018/15xxx/CVE-2018-15965.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ColdFusion",
"version" : {
"version_data" : [
{
"version_value" : "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions"
}
]
}
}
]
},
"vendor_name" : "Adobe"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Deserialization of untrusted data"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ColdFusion",
"version": {
"version_data": [
{
"version_value": "July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier versions"
}
]
}
}
]
},
"vendor_name": "Adobe"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html"
},
{
"name" : "105313",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105313"
},
{
"name" : "1041621",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041621"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead to arbitrary code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Deserialization of untrusted data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/coldfusion/apsb18-33.html"
},
{
"name": "1041621",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041621"
},
{
"name": "105313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105313"
}
]
}
}

32
2018/3xxx/CVE-2018-3319.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3319",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3319",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/3xxx/CVE-2018-3355.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3355",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3355",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/3xxx/CVE-2018-3580.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-05-11T00:00:00",
"ID" : "CVE-2018-3580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stack-based Buffer Overflow in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-05-11T00:00:00",
"ID": "CVE-2018-3580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
"refsource" : "MISC",
"url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow can occur In the WLAN driver if the pmkid_count value is larger than the PMKIDCache size in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
"refsource": "MISC",
"url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
]
}
}

370
2018/8xxx/CVE-2018-8145.json
View File

@ -1,188 +1,188 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
},
{
"product_name" : "Internet Explorer 11",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value" : "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows 8.1 for 32-bit systems"
},
{
"version_value" : "Windows 8.1 for x64-based systems"
},
{
"version_value" : "Windows RT 8.1"
},
{
"version_value" : "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value" : "Windows Server 2012 R2"
},
{
"version_value" : "Windows Server 2016"
}
]
}
},
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
}
]
}
},
{
"product_name" : "Internet Explorer 10",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2012"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
},
{
"product_name": "Internet Explorer 11",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows 7 for 32-bit Systems Service Pack 1"
},
{
"version_value": "Windows 7 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows 8.1 for 32-bit systems"
},
{
"version_value": "Windows 8.1 for x64-based systems"
},
{
"version_value": "Windows RT 8.1"
},
{
"version_value": "Windows Server 2008 R2 for x64-based Systems Service Pack 1"
},
{
"version_value": "Windows Server 2012 R2"
},
{
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name": "Internet Explorer 10",
"version": {
"version_data": [
{
"version_value": "Windows Server 2012"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45011",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45011/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145"
},
{
"name" : "103986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103986"
},
{
"name" : "1040844",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040844"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8177."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8145"
},
{
"name": "45011",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45011/"
},
{
"name": "103986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103986"
},
{
"name": "1040844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040844"
}
]
}
}

202
2018/8xxx/CVE-2018-8171.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ASP.NET",
"version" : {
"version_data" : [
{
"version_value" : "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"version_value" : "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
}
},
{
"product_name" : "ASP.NET Core",
"version" : {
"version_data" : [
{
"version_value" : "1.0"
},
{
"version_value" : "1.1"
},
{
"version_value" : "2.0"
}
]
}
},
{
"product_name" : "ASP.NET MVC 5.2",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Visual Studio 2013 Update 5"
},
{
"version_value" : "Microsoft Visual Studio 2015 Update 3"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASP.NET",
"version": {
"version_data": [
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Web Pages 3.2.3 on Microsoft Visual Studio 2015 Update 3"
}
]
}
},
{
"product_name": "ASP.NET Core",
"version": {
"version_data": [
{
"version_value": "1.0"
},
{
"version_value": "1.1"
},
{
"version_value": "2.0"
}
]
}
},
{
"product_name": "ASP.NET MVC 5.2",
"version": {
"version_data": [
{
"version_value": "Microsoft Visual Studio 2013 Update 5"
},
{
"version_value": "Microsoft Visual Studio 2015 Update 3"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
},
{
"name" : "104659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104659"
},
{
"name" : "1041267",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041267"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated, aka \"ASP.NET Security Feature Bypass Vulnerability.\" This affects ASP.NET, ASP.NET Core 1.1, ASP.NET Core 1.0, ASP.NET Core 2.0, ASP.NET MVC 5.2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041267",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041267"
},
{
"name": "104659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104659"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8171"
}
]
}
}

296
2018/8xxx/CVE-2018-8471.json
View File

@ -1,151 +1,151 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8471",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2016"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "Version 1809 for 32-bit Systems"
},
{
"version_value" : "Version 1809 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2019",
"version" : {
"version_data" : [
{
"version_value" : "Windows Server 2019"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka \"Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8471",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "Windows Server 2016"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "Windows Server 2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471"
},
{
"name" : "105800",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105800"
},
{
"name" : "1042121",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042121"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists in the way that the Microsoft RemoteFX Virtual GPU miniport driver handles objects in memory, aka \"Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 8.1, Windows 7, Windows Server 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042121",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042121"
},
{
"name": "105800",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105800"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8471"
}
]
}
}

128
2018/8xxx/CVE-2018-8652.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Azure Pack Rollup 13.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows Azure Pack Rollup 13.1"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka \"Windows Azure Pack Cross Site Scripting Vulnerability.\" This affects Windows Azure Pack Rollup 13.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Azure Pack Rollup 13.1",
"version": {
"version_data": [
{
"version_value": "Windows Azure Pack Rollup 13.1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8652",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8652"
},
{
"name" : "106155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106155"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka \"Windows Azure Pack Cross Site Scripting Vulnerability.\" This affects Windows Azure Pack Rollup 13.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8652",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8652"
},
{
"name": "106155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106155"
}
]
}
}

32
2018/8xxx/CVE-2018-8726.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8726",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8726",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}