admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:33:45 +00:00
parent 7b209b7f28
commit 23e3ac51e6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3668 additions and 3668 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2002/0xxx/CVE-2002-0171.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020406-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P"
},
{
"name" : "VU#498707",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/498707"
},
{
"name" : "4588",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4588"
},
{
"name" : "5351",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/5351"
},
{
"name" : "irix-irisconsole-icadmin-access(8933)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8933.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "irix-irisconsole-icadmin-access(8933)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8933.php"
},
{
"name": "20020406-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P"
},
{
"name": "VU#498707",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/498707"
},
{
"name": "4588",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4588"
},
{
"name": "5351",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5351"
}
]
}
}

170
2002/0xxx/CVE-2002-0968.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0968",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0968",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020613 Remote DoS in AnalogX SimpleServer:www 1.16",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0106.html"
},
{
"name" : "20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102563702928443&w=2"
},
{
"name" : "http://www.analogx.com/contents/download/network/sswww.htm",
"refsource" : "CONFIRM",
"url" : "http://www.analogx.com/contents/download/network/sswww.htm"
},
{
"name" : "5006",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5006"
},
{
"name" : "analogx-simpleserver-at-dos(9338)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9338.php"
},
{
"name" : "3780",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3780"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.analogx.com/contents/download/network/sswww.htm",
"refsource": "CONFIRM",
"url": "http://www.analogx.com/contents/download/network/sswww.htm"
},
{
"name": "analogx-simpleserver-at-dos(9338)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9338.php"
},
{
"name": "20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102563702928443&w=2"
},
{
"name": "3780",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3780"
},
{
"name": "5006",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5006"
},
{
"name": "20020613 Remote DoS in AnalogX SimpleServer:www 1.16",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0106.html"
}
]
}
}

120
2002/2xxx/CVE-2002-2433.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows remote authenticated users to cause a denial of service (abend) via a crafted ABOR command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/viewContent.do?externalId=3238588&sliceId=1"
}
]
}
}

150
2005/0xxx/CVE-2005-0280.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0280",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0280",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050104 Socket termination, format string and XSS in Soldner Secret Wars",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110486654213504&w=2"
},
{
"name" : "12162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12162"
},
{
"name" : "13716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13716"
},
{
"name" : "soldner-secret-wars-format-string(18752)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18752"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12162"
},
{
"name": "13716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13716"
},
{
"name": "20050104 Socket termination, format string and XSS in Soldner Secret Wars",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110486654213504&w=2"
},
{
"name": "soldner-secret-wars-format-string(18752)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18752"
}
]
}
}

200
2005/0xxx/CVE-2005-0357.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-0357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm",
"refsource" : "CONFIRM",
"url" : "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name" : "101886",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name" : "VU#606857",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/606857"
},
{
"name" : "14582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14582"
},
{
"name" : "18800",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/18800"
},
{
"name" : "1014713",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014713"
},
{
"name" : "16470",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16470"
},
{
"name" : "16464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16464"
},
{
"name" : "legato-authunix-bypass-authentication(21887)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16470",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16470"
},
{
"name": "16464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16464"
},
{
"name": "18800",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18800"
},
{
"name": "1014713",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014713"
},
{
"name": "14582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14582"
},
{
"name": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm",
"refsource": "CONFIRM",
"url": "http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm"
},
{
"name": "101886",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1"
},
{
"name": "legato-authunix-bypass-authentication(21887)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21887"
},
{
"name": "VU#606857",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/606857"
}
]
}
}

34
2005/0xxx/CVE-2005-0559.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0559",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0559",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2005/0xxx/CVE-2005-0787.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050314 [ZH2005-02SA] Insecure tmp file creation in Wine",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111082537009842&w=2"
},
{
"name" : "http://bugs.winehq.org/show_bug.cgi?id=2715",
"refsource" : "MISC",
"url" : "http://bugs.winehq.org/show_bug.cgi?id=2715"
},
{
"name" : "http://www.zone-h.org/advisories/read/id=7300",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/advisories/read/id=7300"
},
{
"name" : "12791",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12791"
},
{
"name" : "1013428",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013428"
},
{
"name" : "wine-registry-information-disclosure(19697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050314 [ZH2005-02SA] Insecure tmp file creation in Wine",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111082537009842&w=2"
},
{
"name": "http://bugs.winehq.org/show_bug.cgi?id=2715",
"refsource": "MISC",
"url": "http://bugs.winehq.org/show_bug.cgi?id=2715"
},
{
"name": "12791",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12791"
},
{
"name": "http://www.zone-h.org/advisories/read/id=7300",
"refsource": "MISC",
"url": "http://www.zone-h.org/advisories/read/id=7300"
},
{
"name": "1013428",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013428"
},
{
"name": "wine-registry-information-disclosure(19697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19697"
}
]
}
}

150
2005/0xxx/CVE-2005-0821.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105574",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/kb/entry.jspa?externalID=CTX105574"
},
{
"name" : "12821",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12821"
},
{
"name" : "1013457",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013457"
},
{
"name" : "metaframe-conferencing-gain-access(19723)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19723"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "metaframe-conferencing-gain-access(19723)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19723"
},
{
"name": "1013457",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013457"
},
{
"name": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105574",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/kb/entry.jspa?externalID=CTX105574"
},
{
"name": "12821",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12821"
}
]
}
}

170
2005/1xxx/CVE-2005-1164.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050414 Multiple vulnerabilities in Yager 5.24",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111352154820865&w=2"
},
{
"name" : "http://aluigi.altervista.org/adv/yagerbof-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/yagerbof-adv.txt"
},
{
"name" : "13179",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13179"
},
{
"name" : "15509",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15509"
},
{
"name" : "14967",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14967"
},
{
"name" : "yager-freeze-datablock-dos(20104)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14967"
},
{
"name": "13179",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13179"
},
{
"name": "20050414 Multiple vulnerabilities in Yager 5.24",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111352154820865&w=2"
},
{
"name": "yager-freeze-datablock-dos(20104)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20104"
},
{
"name": "http://aluigi.altervista.org/adv/yagerbof-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/yagerbof-adv.txt"
},
{
"name": "15509",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15509"
}
]
}
}

120
2005/1xxx/CVE-2005-1338.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-05-03",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-05-03",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
}
]
}
}

140
2005/1xxx/CVE-2005-1446.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1446",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gulftech.org/?node=research&article_id=00072-05032005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00072-05032005"
},
{
"name" : "http://forum.sitepanel2.com/index.php?showtopic=271",
"refsource" : "MISC",
"url" : "http://forum.sitepanel2.com/index.php?showtopic=271"
},
{
"name" : "15213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15213"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00072-05032005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00072-05032005"
},
{
"name": "http://forum.sitepanel2.com/index.php?showtopic=271",
"refsource": "MISC",
"url": "http://forum.sitepanel2.com/index.php?showtopic=271"
}
]
}
}

150
2005/1xxx/CVE-2005-1730.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by \"OpenSSL ASN.1 brute forcer.\" NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cirt.dk/advisories/cirt-32-advisory.pdf",
"refsource" : "MISC",
"url" : "http://www.cirt.dk/advisories/cirt-32-advisory.pdf"
},
{
"name" : "http://www.securityfocus.com/data/vulnerabilities/exploits/ASN.1-Brute.c",
"refsource" : "MISC",
"url" : "http://www.securityfocus.com/data/vulnerabilities/exploits/ASN.1-Brute.c"
},
{
"name" : "8732",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/8732"
},
{
"name" : "ADV-2005-0744",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0744"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by \"OpenSSL ASN.1 brute forcer.\" NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-0744",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0744"
},
{
"name": "http://www.cirt.dk/advisories/cirt-32-advisory.pdf",
"refsource": "MISC",
"url": "http://www.cirt.dk/advisories/cirt-32-advisory.pdf"
},
{
"name": "8732",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8732"
},
{
"name": "http://www.securityfocus.com/data/vulnerabilities/exploits/ASN.1-Brute.c",
"refsource": "MISC",
"url": "http://www.securityfocus.com/data/vulnerabilities/exploits/ASN.1-Brute.c"
}
]
}
}

180
2005/1xxx/CVE-2005-1901.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.networksecurity.fi/advisories/sawmill-admin.html",
"refsource" : "MISC",
"url" : "http://www.networksecurity.fi/advisories/sawmill-admin.html"
},
{
"name" : "http://www.sawmill.net/version_history7.html",
"refsource" : "CONFIRM",
"url" : "http://www.sawmill.net/version_history7.html"
},
{
"name" : "17102",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17102"
},
{
"name" : "17103",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17103"
},
{
"name" : "1014106",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014106"
},
{
"name" : "15499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15499"
},
{
"name" : "sawmill-add-user-xss(20881)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20881"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) the username in the Add User window or (2) the license key in the Licensing page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17102",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17102"
},
{
"name": "17103",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17103"
},
{
"name": "1014106",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014106"
},
{
"name": "http://www.networksecurity.fi/advisories/sawmill-admin.html",
"refsource": "MISC",
"url": "http://www.networksecurity.fi/advisories/sawmill-admin.html"
},
{
"name": "15499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15499"
},
{
"name": "http://www.sawmill.net/version_history7.html",
"refsource": "CONFIRM",
"url": "http://www.sawmill.net/version_history7.html"
},
{
"name": "sawmill-add-user-xss(20881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20881"
}
]
}
}

200
2009/0xxx/CVE-2009-0027.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=479668",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=479668"
},
{
"name" : "https://jira.jboss.org/jira/browse/JBPAPP-1548",
"refsource" : "CONFIRM",
"url" : "https://jira.jboss.org/jira/browse/JBPAPP-1548"
},
{
"name" : "RHSA-2009:0346",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0346.html"
},
{
"name" : "RHSA-2009:0347",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0347.html"
},
{
"name" : "RHSA-2009:0348",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0348.html"
},
{
"name" : "RHSA-2009:0349",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0349.html"
},
{
"name" : "34023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34023"
},
{
"name" : "1021817",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021817"
},
{
"name" : "34112",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The request handler in JBossWS in JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP06 and 4.3 before 4.3.0.CP04 does not properly validate the resource path during a request for a WSDL file with a custom web-service endpoint, which allows remote attackers to read arbitrary XML files via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34112",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34112"
},
{
"name": "RHSA-2009:0346",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0346.html"
},
{
"name": "https://jira.jboss.org/jira/browse/JBPAPP-1548",
"refsource": "CONFIRM",
"url": "https://jira.jboss.org/jira/browse/JBPAPP-1548"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=479668",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479668"
},
{
"name": "1021817",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021817"
},
{
"name": "RHSA-2009:0347",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0347.html"
},
{
"name": "34023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34023"
},
{
"name": "RHSA-2009:0348",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0348.html"
},
{
"name": "RHSA-2009:0349",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0349.html"
}
]
}
}

34
2009/0xxx/CVE-2009-0116.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0116",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0116",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2009/0xxx/CVE-2009-0552.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0552",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
},
{
"name" : "MS09-014",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name" : "TA09-104A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name" : "53625",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53625"
},
{
"name" : "oval:org.mitre.oval:def:5551",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551"
},
{
"name" : "1022042",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022042"
},
{
"name" : "34678",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34678"
},
{
"name" : "ADV-2009-1028",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1028"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1028",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1028"
},
{
"name": "53625",
"refsource": "OSVDB",
"url": "http://osvdb.org/53625"
},
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "34678",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34678"
},
{
"name": "oval:org.mitre.oval:def:5551",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5551"
},
{
"name": "MS09-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-014"
},
{
"name": "1022042",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022042"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-133.htm"
}
]
}
}

370
2009/0xxx/CVE-2009-0658.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8090",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8090"
},
{
"name" : "8099",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8099"
},
{
"name" : "http://isc.sans.org/diary.html?n&storyid=5902",
"refsource" : "MISC",
"url" : "http://isc.sans.org/diary.html?n&storyid=5902"
},
{
"name" : "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219",
"refsource" : "MISC",
"url" : "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
},
{
"name" : "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2",
"refsource" : "MISC",
"url" : "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2"
},
{
"name" : "http://www.adobe.com/support/security/advisories/apsa09-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/advisories/apsa09-01.html"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name" : "GLSA-200904-17",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"name" : "RHSA-2009:0376",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
},
{
"name" : "256788",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"name" : "SUSE-SA:2009:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"name" : "SUSE-SR:2009:009",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name" : "TA09-051A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
},
{
"name" : "VU#905281",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/905281"
},
{
"name" : "33751",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33751"
},
{
"name" : "ADV-2009-0472",
"refsource" : "FRSIRT",
"url" : "http://www.vupen.com/english/advisories/2009/0472"
},
{
"name" : "52073",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52073"
},
{
"name" : "oval:org.mitre.oval:def:5697",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
},
{
"name" : "1021739",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021739"
},
{
"name" : "33901",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33901"
},
{
"name" : "34392",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34392"
},
{
"name" : "34490",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34490"
},
{
"name" : "34706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34706"
},
{
"name" : "34790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34790"
},
{
"name" : "ADV-2009-1019",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1019"
},
{
"name" : "adobe-acrobat-reader-image-bo(48825)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219",
"refsource": "MISC",
"url": "http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219"
},
{
"name": "34790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34790"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-04.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-04.html"
},
{
"name": "8099",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8099"
},
{
"name": "oval:org.mitre.oval:def:5697",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5697"
},
{
"name": "http://isc.sans.org/diary.html?n&storyid=5902",
"refsource": "MISC",
"url": "http://isc.sans.org/diary.html?n&storyid=5902"
},
{
"name": "TA09-051A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-051A.html"
},
{
"name": "http://www.adobe.com/support/security/advisories/apsa09-01.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/advisories/apsa09-01.html"
},
{
"name": "52073",
"refsource": "OSVDB",
"url": "http://osvdb.org/52073"
},
{
"name": "34490",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34490"
},
{
"name": "33901",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33901"
},
{
"name": "RHSA-2009:0376",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0376.html"
},
{
"name": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2",
"refsource": "MISC",
"url": "http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=2"
},
{
"name": "34392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34392"
},
{
"name": "SUSE-SA:2009:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00005.html"
},
{
"name": "34706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34706"
},
{
"name": "ADV-2009-0472",
"refsource": "FRSIRT",
"url": "http://www.vupen.com/english/advisories/2009/0472"
},
{
"name": "VU#905281",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/905281"
},
{
"name": "256788",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-256788-1"
},
{
"name": "33751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33751"
},
{
"name": "adobe-acrobat-reader-image-bo(48825)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48825"
},
{
"name": "1021739",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021739"
},
{
"name": "8090",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8090"
},
{
"name": "GLSA-200904-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-17.xml"
},
{
"name": "SUSE-SR:2009:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "ADV-2009-1019",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1019"
}
]
}
}

170
2009/0xxx/CVE-2009-0994.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-1017."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-0994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name" : "TA09-105A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name" : "34461",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34461"
},
{
"name" : "53744",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53744"
},
{
"name" : "1022055",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022055"
},
{
"name" : "34693",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34693"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-1017."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022055",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022055"
},
{
"name": "34461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34461"
},
{
"name": "53744",
"refsource": "OSVDB",
"url": "http://osvdb.org/53744"
},
{
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
]
}
}

34
2009/1xxx/CVE-2009-1111.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1111",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1111",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

350
2009/1xxx/CVE-2009-1268.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090417 rPSA-2009-0062-1 tshark wireshark",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502745/100/0/threaded"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3269",
"refsource" : "MISC",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3269"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2009-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2009-02.html"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0062"
},
{
"name" : "DSA-1785",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1785"
},
{
"name" : "DSA-1942",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1942"
},
{
"name" : "FEDORA-2009-3599",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html"
},
{
"name" : "FEDORA-2009-5339",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html"
},
{
"name" : "FEDORA-2009-5382",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html"
},
{
"name" : "MDVSA-2009:088",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:088"
},
{
"name" : "RHSA-2009:1100",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1100.html"
},
{
"name" : "SUSE-SR:2009:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name" : "34457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34457"
},
{
"name" : "oval:org.mitre.oval:def:10876",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10876"
},
{
"name" : "oval:org.mitre.oval:def:5335",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5335"
},
{
"name" : "1022027",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022027"
},
{
"name" : "34778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34778"
},
{
"name" : "34970",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34970"
},
{
"name" : "35133",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35133"
},
{
"name" : "35224",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35224"
},
{
"name" : "35416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35416"
},
{
"name" : "35464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35464"
},
{
"name" : "37477",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37477"
},
{
"name" : "wireshark-cphap-dos(49815)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49815"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Check Point High-Availability Protocol (CPHAP) dissector in Wireshark 0.9.6 through 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FWHA_MY_STATE packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37477",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37477"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2009-02.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2009-02.html"
},
{
"name": "1022027",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022027"
},
{
"name": "FEDORA-2009-5382",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01213.html"
},
{
"name": "FEDORA-2009-5339",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01167.html"
},
{
"name": "oval:org.mitre.oval:def:10876",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10876"
},
{
"name": "35464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35464"
},
{
"name": "RHSA-2009:1100",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1100.html"
},
{
"name": "34778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34778"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "20090417 rPSA-2009-0062-1 tshark wireshark",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502745/100/0/threaded"
},
{
"name": "34970",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34970"
},
{
"name": "DSA-1785",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1785"
},
{
"name": "35133",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35133"
},
{
"name": "34457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34457"
},
{
"name": "FEDORA-2009-3599",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00675.html"
},
{
"name": "oval:org.mitre.oval:def:5335",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5335"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "MDVSA-2009:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:088"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3269",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3269"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0062",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0062"
},
{
"name": "wireshark-cphap-dos(49815)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49815"
},
{
"name": "DSA-1942",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1942"
},
{
"name": "35224",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35224"
}
]
}
}

160
2009/1xxx/CVE-2009-1333.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090411 HP Deskjet 6800 XSS in Web Interface",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502620/100/0/threaded"
},
{
"name" : "34480",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34480"
},
{
"name" : "53769",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53769"
},
{
"name" : "34702",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34702"
},
{
"name" : "deskjet-refreshrate-xss(49850)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the web interface on the HP Deskjet 6840 printer with firmware XF1M131A allows remote attackers to inject arbitrary web script or HTML via the POST request body."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090411 HP Deskjet 6800 XSS in Web Interface",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502620/100/0/threaded"
},
{
"name": "34480",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34480"
},
{
"name": "deskjet-refreshrate-xss(49850)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49850"
},
{
"name": "34702",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34702"
},
{
"name": "53769",
"refsource": "OSVDB",
"url": "http://osvdb.org/53769"
}
]
}
}

190
2009/1xxx/CVE-2009-1530.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka \"HTML Objects Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090610 ZDI-09-038: Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504209/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-038",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-038"
},
{
"name" : "MS09-019",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019"
},
{
"name" : "TA09-160A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name" : "54949",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54949"
},
{
"name" : "oval:org.mitre.oval:def:6294",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294"
},
{
"name" : "1022350",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022350"
},
{
"name" : "ADV-2009-1538",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1538"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka \"HTML Objects Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090610 ZDI-09-038: Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504209/100/0/threaded"
},
{
"name": "ADV-2009-1538",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1538"
},
{
"name": "MS09-019",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-038",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-038"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "1022350",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022350"
},
{
"name": "oval:org.mitre.oval:def:6294",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6294"
},
{
"name": "54949",
"refsource": "OSVDB",
"url": "http://osvdb.org/54949"
}
]
}
}

160
2009/1xxx/CVE-2009-1913.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8645",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8645"
},
{
"name" : "34889",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34889"
},
{
"name" : "35032",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35032"
},
{
"name" : "ADV-2009-1281",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1281"
},
{
"name" : "luxbum-manager-sql-injection(50405)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in manager.php in LuxBum 0.5.5, when magic_quotes_gpc is disabled and dotclear authentication is used, allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8645",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8645"
},
{
"name": "luxbum-manager-sql-injection(50405)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50405"
},
{
"name": "34889",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34889"
},
{
"name": "35032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35032"
},
{
"name": "ADV-2009-1281",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1281"
}
]
}
}

170
2009/1xxx/CVE-2009-1999.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1999",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1999",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name" : "TA09-294A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name" : "36746",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36746"
},
{
"name" : "59118",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/59118"
},
{
"name" : "1023058",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023058"
},
{
"name" : "37099",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37099"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59118",
"refsource": "OSVDB",
"url": "http://osvdb.org/59118"
},
{
"name": "TA09-294A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name": "1023058",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023058"
},
{
"name": "37099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37099"
},
{
"name": "36746",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36746"
}
]
}
}

170
2012/2xxx/CVE-2012-2866.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2866",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=134897",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=134897"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name" : "openSUSE-SU-2012:1215",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
},
{
"name" : "85031",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85031"
},
{
"name" : "oval:org.mitre.oval:def:15609",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15609"
},
{
"name" : "chrome-runins-code-exec(78175)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78175"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome before 21.0.1180.89 does not properly perform a cast of an unspecified variable during handling of run-in elements, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "85031",
"refsource": "OSVDB",
"url": "http://osvdb.org/85031"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/08/stable-channel-update_30.html"
},
{
"name": "chrome-runins-code-exec(78175)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78175"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=134897",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=134897"
},
{
"name": "oval:org.mitre.oval:def:15609",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15609"
},
{
"name": "openSUSE-SU-2012:1215",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00030.html"
}
]
}
}

150
2012/2xxx/CVE-2012-2961.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00"
},
{
"name" : "VU#108471",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/108471"
},
{
"name" : "54425",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54425"
},
{
"name" : "symantec-gateway-ldaplatest-sql-injection(77116)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77116"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the management console in Symantec Web Gateway 5.0.x before 5.0.3.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20120720_00"
},
{
"name": "54425",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54425"
},
{
"name": "VU#108471",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/108471"
},
{
"name": "symantec-gateway-ldaplatest-sql-injection(77116)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77116"
}
]
}
}

130
2012/3xxx/CVE-2012-3694.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3694",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3694",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 6.0 does not properly handle drag-and-drop events, which allows user-assisted remote attackers to obtain sensitive information about full pathnames via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}

170
2012/3xxx/CVE-2012-3791.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18955",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18955"
},
{
"name" : "53749",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53749"
},
{
"name" : "82412",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82412"
},
{
"name" : "82413",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82413"
},
{
"name" : "82414",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82414"
},
{
"name" : "swcms-multiple-sql-injection(75999)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75999"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Simple Web Content Management System 1.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) item_delete.php, (2) item_status.php, (3) item_detail.php, (4) item_modify.php, or (5) item_position.php in admin/; or (6) status parameter to admin/item_status.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53749"
},
{
"name": "82414",
"refsource": "OSVDB",
"url": "http://osvdb.org/82414"
},
{
"name": "18955",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18955"
},
{
"name": "82412",
"refsource": "OSVDB",
"url": "http://osvdb.org/82412"
},
{
"name": "82413",
"refsource": "OSVDB",
"url": "http://osvdb.org/82413"
},
{
"name": "swcms-multiple-sql-injection(75999)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75999"
}
]
}
}

130
2012/3xxx/CVE-2012-3951.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3951",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3951",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html",
"refsource" : "MISC",
"url" : "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
},
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) 9.0.1.19899 and earlier has a default password of admin for the (1) scrutinizer and (2) scrutremote accounts, which allows remote attackers to execute arbitrary SQL commands via a TCP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2012-014.txt"
},
{
"name": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html",
"refsource": "MISC",
"url": "http://www.plixer.com/Press-Releases/plixer-releases-9-5-2.html"
}
]
}
}

34
2012/4xxx/CVE-2012-4626.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4626",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4626",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2012/4xxx/CVE-2012-4883.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4883",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .smg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4883",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "48924",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48924"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple untrusted search path vulnerabilities in 3DVIA Composer V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current working directory, as demonstrated by a directory that contains a .smg file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48924",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48924"
}
]
}
}

34
2012/6xxx/CVE-2012-6114.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6114",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6114",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

200
2012/6xxx/CVE-2012-6128.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6128",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6128",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130212 Re: CVE request: openconnect buffer overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/02/12/7"
},
{
"name" : "http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491",
"refsource" : "CONFIRM",
"url" : "http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491"
},
{
"name" : "http://www.infradead.org/openconnect/changelog.html",
"refsource" : "CONFIRM",
"url" : "http://www.infradead.org/openconnect/changelog.html"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0060",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0060"
},
{
"name" : "DSA-2623",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2623"
},
{
"name" : "MDVSA-2013:108",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:108"
},
{
"name" : "openSUSE-SU-2013:0979",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00115.html"
},
{
"name" : "57884",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57884"
},
{
"name" : "openconnect-vpngateway-bo(82058)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/82058"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in http.c in OpenConnect before 4.08 allow remote VPN gateways to cause a denial of service (application crash) via a long (1) hostname, (2) path, or (3) cookie list in a response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2013:108",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:108"
},
{
"name": "http://www.infradead.org/openconnect/changelog.html",
"refsource": "CONFIRM",
"url": "http://www.infradead.org/openconnect/changelog.html"
},
{
"name": "[oss-security] 20130212 Re: CVE request: openconnect buffer overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/12/7"
},
{
"name": "DSA-2623",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2623"
},
{
"name": "openconnect-vpngateway-bo(82058)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82058"
},
{
"name": "57884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57884"
},
{
"name": "openSUSE-SU-2013:0979",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00115.html"
},
{
"name": "http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491",
"refsource": "CONFIRM",
"url": "http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0060",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0060"
}
]
}
}

34
2012/6xxx/CVE-2012-6669.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6669",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6669",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2015/5xxx/CVE-2015-5865.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "1033703",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033703"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
}
]
}
}

150
2017/2xxx/CVE-2017-2143.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CS-Cart Japanese Edition",
"version" : {
"version_data" : [
{
"version_value" : "v4.3.10-jp-1 and earlier"
}
]
}
},
{
"product_name" : "CS-Cart Multivendor Japanese Edition",
"version" : {
"version_data" : [
{
"version_value" : "v4.3.10-jp-1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Frogman Office Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Fails to restrict access"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CS-Cart Japanese Edition",
"version": {
"version_data": [
{
"version_value": "v4.3.10-jp-1 and earlier"
}
]
}
},
{
"product_name": "CS-Cart Multivendor Japanese Edition",
"version": {
"version_data": [
{
"version_value": "v4.3.10-jp-1 and earlier"
}
]
}
}
]
},
"vendor_name": "Frogman Office Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tips.cs-cart.jp/fix-jvn-25598952.html",
"refsource" : "MISC",
"url" : "http://tips.cs-cart.jp/fix-jvn-25598952.html"
},
{
"name" : "JVN#25598952",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN25598952/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a customer purchased item via rma.post.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tips.cs-cart.jp/fix-jvn-25598952.html",
"refsource": "MISC",
"url": "http://tips.cs-cart.jp/fix-jvn-25598952.html"
},
{
"name": "JVN#25598952",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN25598952/index.html"
}
]
}
}

190
2017/2xxx/CVE-2017-2463.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-17-241/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-17-241/"
},
{
"name" : "https://support.apple.com/HT207599",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207599"
},
{
"name" : "https://support.apple.com/HT207600",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207600"
},
{
"name" : "https://support.apple.com/HT207601",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207601"
},
{
"name" : "https://support.apple.com/HT207607",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207607"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "97176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97176"
},
{
"name" : "1038157",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97176"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-17-241/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-17-241/"
},
{
"name": "1038157",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038157"
},
{
"name": "https://support.apple.com/HT207601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207601"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "https://support.apple.com/HT207607",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207607"
},
{
"name": "https://support.apple.com/HT207599",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207599"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

34
2017/2xxx/CVE-2017-2679.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2679",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2679",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/2xxx/CVE-2017-2762.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2762",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2762",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2017/6xxx/CVE-2017-6205.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070",
"refsource" : "CONFIRM",
"url" : "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070"
},
{
"name" : "96397",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, DGS-1510-28P, DGS-1510-28, and DGS-1510-20 Websmart devices with firmware before 1.31.B003 allow attackers to conduct Unauthenticated Command Bypass attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070",
"refsource": "CONFIRM",
"url": "http://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10070"
},
{
"name": "96397",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96397"
}
]
}
}

196
2018/11xxx/CVE-2018-11074.json
View File

@ -1,100 +1,100 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-09-21T17:00:00.000Z",
"ID" : "CVE-2018-11074",
"STATE" : "PUBLIC",
"TITLE" : "DSA-2018-152: RSA® Authentication Manager Multiple Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Authentication Manager",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "8.3 P3"
}
]
}
}
]
},
"vendor_name" : "RSA"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "RSA would like to thank Mantas Juskauskas from SEC Consult Vulnerability for reporting CVE-2018-11074."
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.1,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DOM-based cross-site scripting vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-09-21T17:00:00.000Z",
"ID": "CVE-2018-11074",
"STATE": "PUBLIC",
"TITLE": "DSA-2018-152: RSA\u00ae Authentication Manager Multiple Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Authentication Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "8.3 P3"
}
]
}
}
]
},
"vendor_name": "RSA"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180921 DSA-2018-152: RSA Authentication Manager Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Sep/39"
},
{
"name" : "105410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105410"
},
{
"name" : "1041697",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041697"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "RSA would like to thank Mantas Juskauskas from SEC Consult Vulnerability for reporting CVE-2018-11074."
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RSA Authentication Manager versions prior to 8.3 P3 are affected by a DOM-based cross-site scripting vulnerability which exists in its embedded MadCap Flare Help files. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to the browser DOM, which code is then executed by the web browser in the context of the vulnerable web application."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DOM-based cross-site scripting vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180921 DSA-2018-152: RSA Authentication Manager Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Sep/39"
},
{
"name": "1041697",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041697"
},
{
"name": "105410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105410"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

120
2018/11xxx/CVE-2018-11559.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DomainMod 4.10.0 has Stored XSS in the \"/settings/profile/index.php\" new_last_name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/domainmod/domainmod/issues/66",
"refsource" : "MISC",
"url" : "https://github.com/domainmod/domainmod/issues/66"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DomainMod 4.10.0 has Stored XSS in the \"/settings/profile/index.php\" new_last_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/domainmod/domainmod/issues/66",
"refsource": "MISC",
"url": "https://github.com/domainmod/domainmod/issues/66"
}
]
}
}

130
2018/11xxx/CVE-2018-11911.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=34d3d7fe7e98cc0a6fb0995107d1cd99d6f29798",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=34d3d7fe7e98cc0a6fb0995107d1cd99d6f29798"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper configuration of script may lead to unprivileged access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=34d3d7fe7e98cc0a6fb0995107d1cd99d6f29798",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/le/meta-qti-bsp/commit/?id=34d3d7fe7e98cc0a6fb0995107d1cd99d6f29798"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}

34
2018/14xxx/CVE-2018-14152.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14152",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14152",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14305.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PolyLine annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6265."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.5096"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-765",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-765"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of PolyLine annotations. By manipulating a document's elements an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6265."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-765",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-765"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

170
2018/14xxx/CVE-2018-14716.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45108",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45108/"
},
{
"name" : "http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/",
"refsource" : "MISC",
"url" : "http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/"
},
{
"name" : "https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1",
"refsource" : "CONFIRM",
"url" : "https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1"
},
{
"name" : "https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4",
"refsource" : "CONFIRM",
"url" : "https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4"
},
{
"name" : "https://twitter.com/nystudio107/status/1021847835418009605",
"refsource" : "CONFIRM",
"url" : "https://twitter.com/nystudio107/status/1021847835418009605"
},
{
"name" : "https://twitter.com/nystudio107/status/1021855169515057152",
"refsource" : "CONFIRM",
"url" : "https://twitter.com/nystudio107/status/1021855169515057152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "45108",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45108/"
},
{
"name": "https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4",
"refsource": "CONFIRM",
"url": "https://github.com/nystudio107/craft-seomatic/releases/tag/3.1.4"
},
{
"name": "https://twitter.com/nystudio107/status/1021855169515057152",
"refsource": "CONFIRM",
"url": "https://twitter.com/nystudio107/status/1021855169515057152"
},
{
"name": "http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/",
"refsource": "MISC",
"url": "http://ha.cker.info/exploitation-of-server-side-template-injection-with-craft-cms-plguin-seomatic/"
},
{
"name": "https://twitter.com/nystudio107/status/1021847835418009605",
"refsource": "CONFIRM",
"url": "https://twitter.com/nystudio107/status/1021847835418009605"
},
{
"name": "https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1",
"refsource": "CONFIRM",
"url": "https://github.com/nystudio107/craft-seomatic/commit/1e7d1d084ac3a89e7ec70620f2749110508d1ce1"
}
]
}
}

34
2018/15xxx/CVE-2018-15071.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15071",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15071",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

164
2018/15xxx/CVE-2018-15383.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15383",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Adaptive Security Appliance (ASA) Software ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "8.6",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID": "CVE-2018-15383",
"STATE": "PUBLIC",
"TITLE": "Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Adaptive Security Appliance (ASA) Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181003 Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos"
},
{
"name" : "1041787",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041787"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181003-asa-dma-dos",
"defect" : [
[
"CSCvj89470"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the cryptographic hardware accelerator driver of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a temporary denial of service (DoS) condition. The vulnerability exists because the affected devices have a limited amount of Direct Memory Access (DMA) memory and the affected software improperly handles resources in low-memory conditions. An attacker could exploit this vulnerability by sending a sustained, high rate of malicious traffic to an affected device to exhaust memory on the device. A successful exploit could allow the attacker to exhaust DMA memory on the affected device, which could cause the device to reload and result in a temporary DoS condition."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.6",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041787",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041787"
},
{
"name": "20181003 Cisco Adaptive Security Appliance Direct Memory Access Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-asa-dma-dos",
"defect": [
[
"CSCvj89470"
]
],
"discovery": "UNKNOWN"
}
}

176
2018/15xxx/CVE-2018-15795.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-11-09T08:00:00.000Z",
"ID" : "CVE-2018-15795",
"STATE" : "PUBLIC",
"TITLE" : "CredHub Service Broker uses guessable client secret"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "CredHub Service Broker",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "all versions",
"version_value" : "1.1.0"
}
]
}
}
]
},
"vendor_name" : "Pivotal Cloud Foundry"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 8.1,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Predictability problems"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-09T08:00:00.000Z",
"ID": "CVE-2018-15795",
"STATE": "PUBLIC",
"TITLE": "CredHub Service Broker uses guessable client secret"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CredHub Service Broker",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "all versions",
"version_value": "1.1.0"
}
]
}
}
]
},
"vendor_name": "Pivotal Cloud Foundry"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2018-15795",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-15795"
},
{
"name" : "105915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105915"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal CredHub Service Broker, versions prior to 1.1.0, uses a guessable form of random number generation in creating service broker's UAA client. A remote malicious user may guess the client secret and obtain or modify credentials for users of the CredHub Service."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Predictability problems"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-15795",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-15795"
},
{
"name": "105915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105915"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

130
2018/20xxx/CVE-2018-20005.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext",
"refsource" : "MISC",
"url" : "https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext"
},
{
"name" : "https://github.com/michaelrsweet/mxml/issues/234",
"refsource" : "MISC",
"url" : "https://github.com/michaelrsweet/mxml/issues/234"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/michaelrsweet/mxml/issues/234",
"refsource": "MISC",
"url": "https://github.com/michaelrsweet/mxml/issues/234"
},
{
"name": "https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext",
"refsource": "MISC",
"url": "https://github.com/fouzhe/security/tree/master/mxml#heap-use-after-free-in-function-mxmlwalknext"
}
]
}
}

260
2018/8xxx/CVE-2018-8778.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8778",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8778",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
},
{
"name" : "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
},
{
"name" : "DSA-4259",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4259"
},
{
"name" : "RHSA-2018:3729",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"name" : "RHSA-2018:3730",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name" : "RHSA-2018:3731",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"name" : "USN-3626-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3626-1/"
},
{
"name" : "103693",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103693"
},
{
"name" : "1042004",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker controlling the unpacking format (similar to format string vulnerabilities) can trigger a buffer under-read in the String#unpack method, resulting in a massive and controlled information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
},
{
"name": "RHSA-2018:3729",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"name": "USN-3626-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3626-1/"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:3730",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
},
{
"name": "RHSA-2018:3731",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"name": "DSA-4259",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"name": "103693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103693"
}
]
}
}