admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:01:11 +00:00
parent 607c5b31ac
commit 139b59efef
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
46 changed files with 3626 additions and 3616 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2005/0xxx/CVE-2005-0495.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0495",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050219 Multiples vulnerability in ZeroBoard,",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110884332105513&w=2"
},
{
"name" : "1013243",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013243"
},
{
"name" : "zeroboard-xss(19420)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19420"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote attackers to inject arbitrary web script or HTML via the (1) sn1, (2) year, or (3) page parameter to zboard.php or (4) filename to view_image.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zeroboard-xss(19420)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19420"
},
{
"name": "20050219 Multiples vulnerability in ZeroBoard,",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110884332105513&w=2"
},
{
"name": "1013243",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013243"
}
]
}
}

150
2005/0xxx/CVE-2005-0847.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0847",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0847",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "893",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/893"
},
{
"name" : "14662",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14662"
},
{
"name" : "12859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12859"
},
{
"name" : "ocean-ftp-connection-dos(19777)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19777"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ocean-ftp-connection-dos(19777)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19777"
},
{
"name": "12859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12859"
},
{
"name": "893",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/893"
},
{
"name": "14662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14662"
}
]
}
}

360
2005/2xxx/CVE-2005-2929.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051110 Multiple Vendor Lynx Command Injection Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=338&type=vulnerabilities"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm"
},
{
"name" : "FLSA:152832",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
},
{
"name" : "GLSA-200511-09",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml"
},
{
"name" : "MDKSA-2005:211",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:211"
},
{
"name" : "OpenPKG-SA-2005.026",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
},
{
"name" : "RHSA-2005:839",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-839.html"
},
{
"name" : "SCOSA-2005.55",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt"
},
{
"name" : "SCOSA-2006.7",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
},
{
"name" : "15395",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15395"
},
{
"name" : "oval:org.mitre.oval:def:9712",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9712"
},
{
"name" : "ADV-2005-2394",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2394"
},
{
"name" : "1015195",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015195"
},
{
"name" : "18051",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18051"
},
{
"name" : "17372",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17372"
},
{
"name" : "17512",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17512"
},
{
"name" : "17546",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17546"
},
{
"name" : "17556",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17556"
},
{
"name" : "17576",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17576"
},
{
"name" : "17666",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17666"
},
{
"name" : "17757",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17757"
},
{
"name" : "18376",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18376"
},
{
"name" : "18659",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18659"
},
{
"name" : "173",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/173"
},
{
"name" : "lynx-lynxcgi-command-execute(23119)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17556",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17556"
},
{
"name": "18376",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18376"
},
{
"name": "17666",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17666"
},
{
"name": "15395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15395"
},
{
"name": "ADV-2005-2394",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2394"
},
{
"name": "17546",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17546"
},
{
"name": "17576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17576"
},
{
"name": "OpenPKG-SA-2005.026",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/OpenPKG-SA-2005.026-lynx.html"
},
{
"name": "17757",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17757"
},
{
"name": "oval:org.mitre.oval:def:9712",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9712"
},
{
"name": "20051110 Multiple Vendor Lynx Command Injection Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=338&type=vulnerabilities"
},
{
"name": "lynx-lynxcgi-command-execute(23119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23119"
},
{
"name": "FLSA:152832",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/419763/100/0/threaded"
},
{
"name": "GLSA-200511-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-09.xml"
},
{
"name": "18659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18659"
},
{
"name": "RHSA-2005:839",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-839.html"
},
{
"name": "173",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/173"
},
{
"name": "18051",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18051"
},
{
"name": "17512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17512"
},
{
"name": "SCOSA-2006.7",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt"
},
{
"name": "MDKSA-2005:211",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:211"
},
{
"name": "17372",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17372"
},
{
"name": "SCOSA-2005.55",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.55/SCOSA-2005.55.txt"
},
{
"name": "1015195",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015195"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-035.htm"
}
]
}
}

450
2005/2xxx/CVE-2005-2973.json
View File

@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2973",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA",
"refsource" : "CONFIRM",
"url" : "http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170772",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170772"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name" : "DSA-1017",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1017"
},
{
"name" : "DSA-1018",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1018"
},
{
"name" : "FEDORA-2005-1007",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/advisories/9549"
},
{
"name" : "FEDORA-2005-1013",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/advisories/9555"
},
{
"name" : "FLSA:157459-1",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428028/100/0/threaded"
},
{
"name" : "FLSA:157459-2",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/428058/100/0/threaded"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name" : "MDKSA-2006:040",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:040"
},
{
"name" : "MDKSA-2006:072",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072"
},
{
"name" : "RHSA-2006:0140",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0140.html"
},
{
"name" : "RHSA-2006:0190",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0190.html"
},
{
"name" : "RHSA-2006:0191",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0191.html"
},
{
"name" : "RHSA-2006:0493",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name" : "SUSE-SA:2005:067",
"refsource" : "SUSE",
"url" : "http://www.securityfocus.com/advisories/9806"
},
{
"name" : "SUSE-SA:2005:068",
"refsource" : "SUSE",
"url" : "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
},
{
"name" : "USN-219-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/219-1/"
},
{
"name" : "15156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15156"
},
{
"name" : "oval:org.mitre.oval:def:10041",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10041"
},
{
"name" : "ADV-2005-2173",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2173"
},
{
"name" : "20163",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20163"
},
{
"name" : "17917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17917"
},
{
"name" : "17918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17918"
},
{
"name" : "17261",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17261"
},
{
"name" : "18562",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18562"
},
{
"name" : "18684",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18684"
},
{
"name" : "17280",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17280"
},
{
"name" : "19374",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19374"
},
{
"name" : "19369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19369"
},
{
"name" : "19185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19185"
},
{
"name" : "20237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20237"
},
{
"name" : "21745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21745"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2006:0140",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0140.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-161.htm"
},
{
"name": "RHSA-2006:0493",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0493.html"
},
{
"name": "17917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17917"
},
{
"name": "18684",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18684"
},
{
"name": "17261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17261"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170772",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=170772"
},
{
"name": "oval:org.mitre.oval:def:10041",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10041"
},
{
"name": "SUSE-SA:2005:067",
"refsource": "SUSE",
"url": "http://www.securityfocus.com/advisories/9806"
},
{
"name": "MDKSA-2006:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:040"
},
{
"name": "19369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19369"
},
{
"name": "21745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21745"
},
{
"name": "DSA-1018",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1018"
},
{
"name": "19185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19185"
},
{
"name": "SUSE-SA:2005:068",
"refsource": "SUSE",
"url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
},
{
"name": "FLSA:157459-2",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428058/100/0/threaded"
},
{
"name": "ADV-2005-2173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2173"
},
{
"name": "FEDORA-2005-1013",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/advisories/9555"
},
{
"name": "USN-219-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/219-1/"
},
{
"name": "RHSA-2006:0190",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0190.html"
},
{
"name": "15156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15156"
},
{
"name": "20163",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20163"
},
{
"name": "FLSA:157459-1",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/428028/100/0/threaded"
},
{
"name": "17280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17280"
},
{
"name": "FEDORA-2005-1007",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/advisories/9549"
},
{
"name": "MDKSA-2006:072",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072"
},
{
"name": "17918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17918"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name": "DSA-1017",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1017"
},
{
"name": "20237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20237"
},
{
"name": "http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA",
"refsource": "CONFIRM",
"url": "http://linux.bkbits.net:8080/linux-2.6/cset@4342df67SNhRx_3FGhUrrU-FXLlQIA"
},
{
"name": "19374",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19374"
},
{
"name": "RHSA-2006:0191",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0191.html"
},
{
"name": "18562",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18562"
}
]
}
}

170
2005/3xxx/CVE-2005-3081.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3081",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3081",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050924 It's time for some warez - wzdftpd remote exploit",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0646.html"
},
{
"name" : "http://www.securiteam.com/exploits/5CP0R1PGUE.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/exploits/5CP0R1PGUE.html"
},
{
"name" : "DSA-1006",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1006"
},
{
"name" : "14935",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14935"
},
{
"name" : "19682",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19682"
},
{
"name" : "16936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16936"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19682",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19682"
},
{
"name": "http://www.securiteam.com/exploits/5CP0R1PGUE.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5CP0R1PGUE.html"
},
{
"name": "DSA-1006",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1006"
},
{
"name": "16936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16936"
},
{
"name": "14935",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14935"
},
{
"name": "20050924 It's time for some warez - wzdftpd remote exploit",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0646.html"
}
]
}
}

170
2005/3xxx/CVE-2005-3451.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3451",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3451",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html"
},
{
"name" : "TA05-292A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html"
},
{
"name" : "VU#210524",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/210524"
},
{
"name" : "VU#171364",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/171364"
},
{
"name" : "15134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15134"
},
{
"name" : "17250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html"
},
{
"name": "TA05-292A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html"
},
{
"name": "VU#171364",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/171364"
},
{
"name": "15134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15134"
},
{
"name": "VU#210524",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/210524"
},
{
"name": "17250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17250"
}
]
}
}

150
2005/4xxx/CVE-2005-4205.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/locazolist-classifieds-v103c-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/locazolist-classifieds-v103c-vuln.html"
},
{
"name" : "15812",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15812"
},
{
"name" : "21530",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21530"
},
{
"name" : "17983",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17983"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17983",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17983"
},
{
"name": "http://pridels0.blogspot.com/2005/12/locazolist-classifieds-v103c-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/locazolist-classifieds-v103c-vuln.html"
},
{
"name": "15812",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15812"
},
{
"name": "21530",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21530"
}
]
}
}

140
2005/4xxx/CVE-2005-4353.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4353",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4353",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2005-2926",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2926"
},
{
"name" : "21768",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21768"
},
{
"name" : "18058",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18058"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21768",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21768"
},
{
"name": "18058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18058"
},
{
"name": "ADV-2005-2926",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2926"
}
]
}
}

170
2005/4xxx/CVE-2005-4499.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name" : "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name" : "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml",
"refsource" : "MISC",
"url" : "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name" : "16025",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16025"
},
{
"name" : "22193",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22193"
},
{
"name" : "18141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18141"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 concentrators, when creating an ACL on the Cisco Secure Access Control Server (CS ACS), generates a random internal name for an ACL that is also used as a hidden user name and password, which allows remote attackers to gain privileges by sniffing the username from the cleartext portion of a RADIUS session, then using the password to log in to another device that uses CS ACS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051221 Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420020/100/0/threaded"
},
{
"name": "16025",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16025"
},
{
"name": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml",
"refsource": "MISC",
"url": "http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_field_notice09186a00805bf1c4.shtml"
},
{
"name": "22193",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22193"
},
{
"name": "20051222 Re: Cisco PIX / CS ACS: Downloadable RADIUS ACLs vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420103/100/0/threaded"
},
{
"name": "18141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18141"
}
]
}
}

130
2005/4xxx/CVE-2005-4705.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4705",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4705",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA05-86.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/141"
},
{
"name" : "20095",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20095"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA05-86.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/141"
},
{
"name": "20095",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20095"
}
]
}
}

160
2009/2xxx/CVE-2009-2590.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
},
{
"name" : "56175",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56175"
},
{
"name" : "35893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35893"
},
{
"name" : "ADV-2009-1978",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1978"
},
{
"name" : "hutscripts-cid-sql-injection(51913)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51913"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in showcategory.php in Hutscripts PHP Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1978",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1978"
},
{
"name": "hutscripts-cid-sql-injection(51913)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51913"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/hutscript-sqlxss.txt"
},
{
"name": "56175",
"refsource": "OSVDB",
"url": "http://osvdb.org/56175"
},
{
"name": "35893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35893"
}
]
}
}

150
2009/2xxx/CVE-2009-2810.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a \"potentially unsafe\" warning message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3937",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3937"
},
{
"name" : "APPLE-SA-2009-11-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name" : "36956",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36956"
},
{
"name" : "ADV-2009-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively clears quarantine information upon opening a quarantined folder, which allows user-assisted remote attackers to execute arbitrary code via a quarantined application that does not trigger a \"potentially unsafe\" warning message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}

150
2009/3xxx/CVE-2009-3278.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090918 Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506607/100/0/threaded"
},
{
"name" : "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt",
"refsource" : "MISC",
"url" : "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt"
},
{
"name" : "36467",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36467"
},
{
"name" : "36793",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 0627, and 3.1.1 0815 use the rand library function to generate a certain recovery key, which makes it easier for local users to determine this key via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt",
"refsource": "MISC",
"url": "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt"
},
{
"name": "36793",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36793"
},
{
"name": "20090918 Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506607/100/0/threaded"
},
{
"name": "36467",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36467"
}
]
}
}

34
2009/3xxx/CVE-2009-3773.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3773",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3773",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2009/4xxx/CVE-2009-4217.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4217",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37146",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37146"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Itamar Elharar MusicGallery (com_musicgallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an itempage action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37146"
}
]
}
}

120
2009/4xxx/CVE-2009-4232.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37508",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37508"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not properly perform authentication, which allows remote attackers to post messages with an arbitrary account name via an insertar action to index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37508"
}
]
}
}

160
2009/4xxx/CVE-2009-4518.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/616546",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/616546"
},
{
"name" : "http://drupal.org/node/617400",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/617400"
},
{
"name" : "36861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36861"
},
{
"name" : "37199",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37199"
},
{
"name" : "ADV-2009-3086",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x before 5.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via an inserted node."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3086",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3086"
},
{
"name": "37199",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37199"
},
{
"name": "http://drupal.org/node/617400",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/617400"
},
{
"name": "http://drupal.org/node/616546",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/616546"
},
{
"name": "36861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36861"
}
]
}
}

150
2009/4xxx/CVE-2009-4813.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4813",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10622",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10622"
},
{
"name" : "37464",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37464"
},
{
"name" : "61298",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61298"
},
{
"name" : "37910",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37910"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka MyBulletinBoard) 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a donate action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37910",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37910"
},
{
"name": "10622",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10622"
},
{
"name": "37464",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37464"
},
{
"name": "61298",
"refsource": "OSVDB",
"url": "http://osvdb.org/61298"
}
]
}
}

140
2009/4xxx/CVE-2009-4957.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4957",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4957",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8346",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8346"
},
{
"name" : "34362",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34362"
},
{
"name" : "activekb-loadpanel-file-include(49646)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in loadpanel.php in Interspire ActiveKB allows remote attackers to read arbitrary files and possibly have unspecified other impact via directory traversal sequences in the Panel parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34362",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34362"
},
{
"name": "activekb-loadpanel-file-include(49646)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49646"
},
{
"name": "8346",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8346"
}
]
}
}

570
2015/0xxx/CVE-2015-0288.json
View File

@ -1,287 +1,287 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0288",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202418",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202418"
},
{
"name" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9",
"refsource" : "CONFIRM",
"url" : "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9"
},
{
"name" : "https://rt.openssl.org/Ticket/Display.html?id=3708&user=guest&pass=guest",
"refsource" : "CONFIRM",
"url" : "https://rt.openssl.org/Ticket/Display.html?id=3708&user=guest&pass=guest"
},
{
"name" : "https://www.openssl.org/news/secadv_20150319.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20150319.txt"
},
{
"name" : "https://access.redhat.com/articles/1384453",
"refsource" : "CONFIRM",
"url" : "https://access.redhat.com/articles/1384453"
},
{
"name" : "http://support.apple.com/kb/HT204942",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT204942"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa92",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa92"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "https://support.citrix.com/article/CTX216642",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX216642"
},
{
"name" : "APPLE-SA-2015-06-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name" : "DSA-3197",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3197"
},
{
"name" : "FEDORA-2015-4300",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
},
{
"name" : "FEDORA-2015-4303",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
},
{
"name" : "FEDORA-2015-4320",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
},
{
"name" : "FEDORA-2015-6855",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
},
{
"name" : "FEDORA-2015-6951",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
},
{
"name" : "FreeBSD-SA-15:06",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
},
{
"name" : "GLSA-201503-11",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-11"
},
{
"name" : "HPSBGN03306",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142841429220765&w=2"
},
{
"name" : "HPSBMU03380",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
},
{
"name" : "HPSBMU03397",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2"
},
{
"name" : "HPSBMU03409",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name" : "HPSBMU03413",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050254401665&w=2"
},
{
"name" : "HPSBUX03334",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143213830203296&w=2"
},
{
"name" : "SSRT102000",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143213830203296&w=2"
},
{
"name" : "MDVSA-2015:062",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name" : "MDVSA-2015:063",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
},
{
"name" : "RHSA-2015:0716",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
},
{
"name" : "RHSA-2015:0715",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
},
{
"name" : "RHSA-2015:0752",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
},
{
"name" : "RHSA-2015:0800",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
},
{
"name" : "openSUSE-SU-2015:0554",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
},
{
"name" : "SUSE-SU-2015:0541",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
},
{
"name" : "SUSE-SU-2015:0578",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name" : "openSUSE-SU-2016:0640",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name" : "openSUSE-SU-2015:1277",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name" : "USN-2537-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2537-1"
},
{
"name" : "73237",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73237"
},
{
"name" : "1031929",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL before 0.9.8zf, 1.0.0 before 1.0.0r, 1.0.1 before 1.0.1m, and 1.0.2 before 1.0.2a might allow attackers to cause a denial of service (NULL pointer dereference and application crash) via an invalid certificate key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "RHSA-2015:0715",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0715.html"
},
{
"name": "openSUSE-SU-2015:0554",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00062.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10680"
},
{
"name": "DSA-3197",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3197"
},
{
"name": "USN-2537-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2537-1"
},
{
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name": "FEDORA-2015-4303",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152733.html"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa92",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa92"
},
{
"name": "https://www.openssl.org/news/secadv_20150319.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20150319.txt"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "HPSBMU03380",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "FEDORA-2015-4300",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152844.html"
},
{
"name": "https://rt.openssl.org/Ticket/Display.html?id=3708&user=guest&pass=guest",
"refsource": "CONFIRM",
"url": "https://rt.openssl.org/Ticket/Display.html?id=3708&user=guest&pass=guest"
},
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "FEDORA-2015-6951",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156823.html"
},
{
"name": "openSUSE-SU-2016:0640",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
},
{
"name": "https://access.redhat.com/articles/1384453",
"refsource": "CONFIRM",
"url": "https://access.redhat.com/articles/1384453"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "73237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73237"
},
{
"name": "openSUSE-SU-2015:1277",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "HPSBUX03334",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"
},
{
"name": "MDVSA-2015:063",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:063"
},
{
"name": "SUSE-SU-2015:0541",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00022.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "RHSA-2015:0716",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0716.html"
},
{
"name": "HPSBGN03306",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142841429220765&w=2"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "SUSE-SU-2015:0578",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"
},
{
"name": "FreeBSD-SA-15:06",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15%3A06.openssl.asc"
},
{
"name": "HPSBMU03397",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202418",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202418"
},
{
"name": "RHSA-2015:0752",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0752.html"
},
{
"name": "RHSA-2015:0800",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0800.html"
},
{
"name": "1031929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031929"
},
{
"name": "SSRT102000",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143213830203296&w=2"
},
{
"name": "MDVSA-2015:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name": "FEDORA-2015-4320",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152734.html"
},
{
"name": "https://support.citrix.com/article/CTX216642",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX216642"
},
{
"name": "FEDORA-2015-6855",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157177.html"
},
{
"name": "HPSBMU03413",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2"
},
{
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
},
{
"name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9",
"refsource": "CONFIRM",
"url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=28a00bcd8e318da18031b2ac8778c64147cd54f9"
}
]
}
}

140
2015/0xxx/CVE-2015-0519.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150205 ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2015-02/0043.html"
},
{
"name" : "http://packetstormsecurity.com/files/130284/EMC-Captiva-Capture-Sensitive-Information-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130284/EMC-Captiva-Capture-Sensitive-Information-Disclosure.html"
},
{
"name" : "emc-captiva-cve20150519-info-disc(100748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130284/EMC-Captiva-Capture-Sensitive-Information-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130284/EMC-Captiva-Capture-Sensitive-Information-Disclosure.html"
},
{
"name": "emc-captiva-cve20150519-info-disc(100748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100748"
},
{
"name": "20150205 ESA-2015-012: EMC Captiva Capture Sensitive Information Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2015-02/0043.html"
}
]
}
}

142
2015/0xxx/CVE-2015-0576.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2015-0576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in WCDMA"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2015-0576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy without Checking Size of Input in WCDMA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

150
2015/0xxx/CVE-2015-0600.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37341",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37341"
},
{
"name" : "20150203 Cisco Unified IP Phone 9900 Series Mobility Extension Availability Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0600"
},
{
"name" : "72481",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72481"
},
{
"name" : "cisco-ipphones-cve20150600-dos(100726)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100726"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mobility extension on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to cause a denial of service (logoff) via crafted packets, aka Bug ID CSCuq12139."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150203 Cisco Unified IP Phone 9900 Series Mobility Extension Availability Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0600"
},
{
"name": "cisco-ipphones-cve20150600-dos(100726)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100726"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37341",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37341"
},
{
"name": "72481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72481"
}
]
}
}

130
2015/0xxx/CVE-2015-0858.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0858",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a",
"refsource" : "CONFIRM",
"url" : "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a"
},
{
"name" : "DSA-3562",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3562"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cool Projects TarDiff allows local users to write to arbitrary files via a symlink attack on a pathname in a /tmp/tardiff-$$ temporary directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3562",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3562"
},
{
"name": "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a",
"refsource": "CONFIRM",
"url": "https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a"
}
]
}
}

150
2015/1xxx/CVE-2015-1111.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204661",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204661"
},
{
"name" : "APPLE-SA-2015-04-08-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name" : "73978",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73978"
},
{
"name" : "1032050",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs data in response to a history-clearing action, which allows attackers to obtain sensitive information by reading a history file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "73978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73978"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}

160
2015/1xxx/CVE-2015-1126.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204658",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204658"
},
{
"name" : "https://support.apple.com/HT204661",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204661"
},
{
"name" : "APPLE-SA-2015-04-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
},
{
"name" : "APPLE-SA-2015-04-08-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name" : "1032047",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032047"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, does not properly handle the userinfo field in FTP URLs, which allows remote attackers to trigger incorrect resource access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204658",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204658"
},
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "APPLE-SA-2015-04-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00000.html"
},
{
"name": "1032047",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032047"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}

140
2015/1xxx/CVE-2015-1718.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1717."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-043",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
},
{
"name" : "74607",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74607"
},
{
"name" : "1032282",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1658, CVE-2015-1706, CVE-2015-1711, and CVE-2015-1717."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74607"
},
{
"name": "1032282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032282"
},
{
"name": "MS15-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
}
]
}
}

150
2015/4xxx/CVE-2015-4073.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37666",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37666/"
},
{
"name" : "20151231 Joomla! plugin Helpdesk Pro < 1.4.0",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jul/102"
},
{
"name" : "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html"
},
{
"name" : "75971",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75971"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37666",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37666/"
},
{
"name": "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132766/Joomla-Helpdesk-Pro-XSS-File-Disclosure-SQL-Injection.html"
},
{
"name": "75971",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75971"
},
{
"name": "20151231 Joomla! plugin Helpdesk Pro < 1.4.0",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/102"
}
]
}
}

34
2015/5xxx/CVE-2015-5439.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5439",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5439",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

140
2015/5xxx/CVE-2015-5494.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name" : "https://www.drupal.org/node/2484231",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2484231"
},
{
"name" : "https://www.drupal.org/node/2442741",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2442741"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Webform Matrix Component module 7.x-4.x before 7.x-4.13 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2484231",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2484231"
},
{
"name": "https://www.drupal.org/node/2442741",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2442741"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
}
]
}
}

140
2015/5xxx/CVE-2015-5514.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name" : "https://www.drupal.org/node/2516678",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2516678"
},
{
"name" : "https://www.drupal.org/node/2516560",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2516560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x before 7.x-2.8 for Drupal, when the migrate_ui submodule is enabled, allows user-assisted remote attackers to inject arbitrary web script or HTML via a destination field label."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2516678",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2516678"
},
{
"name": "https://www.drupal.org/node/2516560",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2516560"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
}
]
}
}

160
2015/5xxx/CVE-2015-5652.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5652",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says \"It was determined that this is a longtime behavior of Python that cannot really be altered at this point.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5652",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/en/jp/JVN49503705/995204/index.html",
"refsource" : "MISC",
"url" : "http://jvn.jp/en/jp/JVN49503705/995204/index.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"name" : "JVN#49503705",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN49503705/index.html"
},
{
"name" : "JVNDB-2015-000141",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000141"
},
{
"name" : "76929",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in python.exe in Python through 3.5.0 on Windows allows local users to gain privileges via a Trojan horse readline.pyd file in the current working directory. NOTE: the vendor says \"It was determined that this is a longtime behavior of Python that cannot really be altered at this point.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000141",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000141"
},
{
"name": "76929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76929"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05324755"
},
{
"name": "http://jvn.jp/en/jp/JVN49503705/995204/index.html",
"refsource": "MISC",
"url": "http://jvn.jp/en/jp/JVN49503705/995204/index.html"
},
{
"name": "JVN#49503705",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN49503705/index.html"
}
]
}
}

380
2015/5xxx/CVE-2015-5707.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150801 CVE request: Integer overflow in SCSI generic driver in Linux <4.1",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/01/6"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250030",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250030"
},
{
"name" : "https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81"
},
{
"name" : "https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee"
},
{
"name" : "https://source.android.com/security/bulletin/2017-07-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name" : "DSA-3329",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3329"
},
{
"name" : "SUSE-SU-2015:2084",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html"
},
{
"name" : "SUSE-SU-2015:2085",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html"
},
{
"name" : "SUSE-SU-2015:2086",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html"
},
{
"name" : "SUSE-SU-2015:2087",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html"
},
{
"name" : "SUSE-SU-2015:2089",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html"
},
{
"name" : "SUSE-SU-2015:2090",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html"
},
{
"name" : "SUSE-SU-2015:2091",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html"
},
{
"name" : "SUSE-SU-2015:1478",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"name" : "SUSE-SU-2015:1592",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"
},
{
"name" : "SUSE-SU-2015:1611",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"
},
{
"name" : "USN-2733-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2733-1"
},
{
"name" : "USN-2734-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2734-1"
},
{
"name" : "USN-2737-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2737-1"
},
{
"name" : "USN-2738-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2738-1"
},
{
"name" : "USN-2750-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2750-1"
},
{
"name" : "USN-2759-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2759-1"
},
{
"name" : "USN-2760-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2760-1"
},
{
"name" : "76145",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76145"
},
{
"name" : "1033521",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2738-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2738-1"
},
{
"name": "SUSE-SU-2015:2089",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00030.html"
},
{
"name": "USN-2733-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2733-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee"
},
{
"name": "SUSE-SU-2015:2087",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00029.html"
},
{
"name": "USN-2750-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2750-1"
},
{
"name": "USN-2737-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2737-1"
},
{
"name": "https://source.android.com/security/bulletin/2017-07-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"name": "SUSE-SU-2015:1611",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"
},
{
"name": "DSA-3329",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3329"
},
{
"name": "1033521",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033521"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250030",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250030"
},
{
"name": "https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/fdc81f45e9f57858da6351836507fbcf1b7583ee"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81"
},
{
"name": "USN-2760-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2760-1"
},
{
"name": "SUSE-SU-2015:2091",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00032.html"
},
{
"name": "SUSE-SU-2015:1478",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"name": "USN-2759-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2759-1"
},
{
"name": "https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/451a2886b6bf90e2fb378f7c46c655450fb96e81"
},
{
"name": "SUSE-SU-2015:2084",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00026.html"
},
{
"name": "SUSE-SU-2015:2085",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00027.html"
},
{
"name": "USN-2734-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2734-1"
},
{
"name": "[oss-security] 20150801 CVE request: Integer overflow in SCSI generic driver in Linux <4.1",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/01/6"
},
{
"name": "SUSE-SU-2015:2086",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00028.html"
},
{
"name": "SUSE-SU-2015:1592",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"
},
{
"name": "SUSE-SU-2015:2090",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00031.html"
},
{
"name": "76145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76145"
}
]
}
}

126
2018/1999xxx/CVE-2018-1999027.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-31T15:54:50.968751",
"DATE_REQUESTED" : "2018-07-30T00:00:00",
"ID" : "CVE-2018-1999027",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins SaltStack Plugin",
"version" : {
"version_data" : [
{
"version_value" : "3.1.6 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-31T15:54:50.968751",
"DATE_REQUESTED": "2018-07-30T00:00:00",
"ID": "CVE-2018-1999027",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1009",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exposure of sensitive information vulnerability exists in Jenkins SaltStack Plugin 3.1.6 and earlier in SaltAPIBuilder.java, SaltAPIStep.java that allows attackers to capture credentials with a known credentials ID stored in Jenkins."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1009",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-1009"
}
]
}
}

132
2018/3xxx/CVE-2018-3104.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3104",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3104",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104762"
}
]
}
}

132
2018/3xxx/CVE-2018-3634.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-05-14T00:00:00",
"ID" : "CVE-2018-3634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Online Connect Access",
"version" : {
"version_data" : [
{
"version_value" : "1.9.22.0"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-05-14T00:00:00",
"ID": "CVE-2018-3634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Online Connect Access",
"version": {
"version_data": [
{
"version_value": "1.9.22.0"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00121.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00121.html"
},
{
"name" : "104250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Parameter corruption in NDIS filter driver in Intel Online Connect Access 1.9.22.0 allows an attacker to cause a denial of service via local access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104250"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00121.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00121.html"
}
]
}
}

130
2018/6xxx/CVE-2018-6193.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44216",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44216/"
},
{
"name" : "https://github.com/sshipway/routers2/issues/1",
"refsource" : "MISC",
"url" : "https://github.com/sshipway/routers2/issues/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sshipway/routers2/issues/1",
"refsource": "MISC",
"url": "https://github.com/sshipway/routers2/issues/1"
},
{
"name": "44216",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44216/"
}
]
}
}

186
2018/6xxx/CVE-2018-6502.json
View File

@ -1,95 +1,95 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2018-09-19T15:45:00.000Z",
"ID" : "CVE-2018-6502",
"STATE" : "PUBLIC",
"TITLE" : "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ArcSight Management Center",
"version" : {
"version_data" : [
{
"version_value" : "all versions prior to 2.81"
}
]
}
}
]
},
"vendor_name" : "Micro Focus"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.\n"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS)."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Reflected Cross-Site Scripting (XSS)"
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reflected Cross-Site Scripting (XSS)"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-09-19T15:45:00.000Z",
"ID": "CVE-2018-6502",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03824 rev.1 - ArcSight Management Center, Insufficient Access Control, Reflected Cross Site Scripting, Access Control vulnerability, Cross-Site Request Forgery (CSRF), Unauthenticated File Download, Directory Traversal Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ArcSight Management Center",
"version": {
"version_data": [
{
"version_value": "all versions prior to 2.81"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "Micro Focus would like to thank Andy Tan for reporting the Insufficient Access Control, Access Control Vulnerability, Reflected Cross Site Scripting, Cross-Site Request Forgery (CSRF), and Unauthenticated File Download vulnerabilities to cyber-psrt@microfocus.com.\n"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential Reflected Cross-Site Scripting (XSS) Security vulnerability has been identified in ArcSight Management Center (ArcMC) in all versions prior to 2.81. This vulnerability could be exploited to allow for Reflected Cross-site Scripting (XSS)."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting (XSS)"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reflected Cross-Site Scripting (XSS)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03245142"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/6xxx/CVE-2018-6819.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6819",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-6819",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

160
2018/7xxx/CVE-2018-7332.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7332",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180418 [SECURITY] [DLA 1353-1] wireshark security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea"
},
{
"name" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html",
"refsource" : "CONFIRM",
"url" : "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"name" : "103158",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-reload.c had an infinite loop that was addressed by validating a length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20180418 [SECURITY] [DLA 1353-1] wireshark security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00018.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445"
},
{
"name": "https://www.wireshark.org/security/wnpa-sec-2018-06.html",
"refsource": "CONFIRM",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-06.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea"
},
{
"name": "103158",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103158"
}
]
}
}

34
2018/7xxx/CVE-2018-7381.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7381",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7381",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/7xxx/CVE-2018-7665.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lists.openwall.net/full-disclosure/2018/02/27/1",
"refsource" : "MISC",
"url" : "http://lists.openwall.net/full-disclosure/2018/02/27/1"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ClipBucket before 4.0.0 Release 4902. A malicious file can be uploaded via the name parameter to actions/beats_uploader.php or actions/photo_uploader.php, or the coverPhoto parameter to edit_account.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.openwall.net/full-disclosure/2018/02/27/1",
"refsource": "MISC",
"url": "http://lists.openwall.net/full-disclosure/2018/02/27/1"
},
{
"name": "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html"
}
]
}
}

190
2018/7xxx/CVE-2018-7740.json
View File

@ -1,92 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name" : "https://bugzilla.kernel.org/show_bug.cgi?id=199037",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.kernel.org/show_bug.cgi?id=199037"
},
{
"name" : "DSA-4187",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4187"
},
{
"name" : "DSA-4188",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4188"
},
{
"name" : "RHSA-2018:3083",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name" : "RHSA-2018:3096",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name" : "103316",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"refsource": "UBUNTU",
"name": "USN-3910-1",
"url": "https://usn.ubuntu.com/3910-1/"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"refsource": "UBUNTU",
"name": "USN-3910-2",
"url": "https://usn.ubuntu.com/3910-2/"
},
{
"name": "https://bugzilla.kernel.org/show_bug.cgi?id=199037",
"refsource": "CONFIRM",
"url": "https://bugzilla.kernel.org/show_bug.cgi?id=199037"
},
{
"name": "103316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103316"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
}
]
}
}

34
2018/8xxx/CVE-2018-8696.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8696",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8696",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8782.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8782",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8782",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/8xxx/CVE-2018-8832.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/enhavo/enhavo/issues/459",
"refsource" : "MISC",
"url" : "https://github.com/enhavo/enhavo/issues/459"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "enhavo 0.4.0 has XSS via a user-group that contains executable JavaScript code in the user-group name. The XSS attack launches when a victim visits the admin user group page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/enhavo/enhavo/issues/459",
"refsource": "MISC",
"url": "https://github.com/enhavo/enhavo/issues/459"
}
]
}
}