admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:51:49 +00:00
parent b42b801a84
commit 24a816e842
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
64 changed files with 4478 additions and 4478 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2005/0xxx/CVE-2005-0260.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0260",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0260",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050209 Computer Associates BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=194&type=vulnerabilities"
},
{
"name" : "http://supportconnectw.ca.com/public/enews/BrightStor/brigcurrent.asp#news1",
"refsource" : "CONFIRM",
"url" : "http://supportconnectw.ca.com/public/enews/BrightStor/brigcurrent.asp#news1"
},
{
"name" : "1013138",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013138"
},
{
"name" : "14183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14183"
},
{
"name" : "brightstor-discovery-bo(19251)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19251"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14183"
},
{
"name": "20050209 Computer Associates BrightStor ARCserve Backup v11 Discovery Service Remote Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=194&type=vulnerabilities"
},
{
"name": "http://supportconnectw.ca.com/public/enews/BrightStor/brigcurrent.asp#news1",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/enews/BrightStor/brigcurrent.asp#news1"
},
{
"name": "brightstor-discovery-bo(19251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19251"
},
{
"name": "1013138",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013138"
}
]
}
}

160
2005/0xxx/CVE-2005-0748.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0748",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12773",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12773"
},
{
"name" : "ADV-2005-0248",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0248"
},
{
"name" : "1013409",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013409"
},
{
"name" : "14550",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14550"
},
{
"name" : "webinsta-initdb-file-include(19651)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19651"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webinsta-initdb-file-include(19651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19651"
},
{
"name": "ADV-2005-0248",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0248"
},
{
"name": "1013409",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013409"
},
{
"name": "14550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14550"
},
{
"name": "12773",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12773"
}
]
}
}

150
2005/0xxx/CVE-2005-0938.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0938",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050329 [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111214393101387&w=2"
},
{
"name" : "http://www.persianhacker.net/news/news-2945.html",
"refsource" : "MISC",
"url" : "http://www.persianhacker.net/news/news-2945.html"
},
{
"name" : "1013603",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013603"
},
{
"name" : "14725",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14725"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013603",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013603"
},
{
"name": "http://www.persianhacker.net/news/news-2945.html",
"refsource": "MISC",
"url": "http://www.persianhacker.net/news/news-2945.html"
},
{
"name": "20050329 [PersianHacker.NET 200503-11]Ublog reload 1.0.4 and prior",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111214393101387&w=2"
},
{
"name": "14725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14725"
}
]
}
}

140
2005/2xxx/CVE-2005-2401.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2401",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2401",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14332",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14332"
},
{
"name" : "18111",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/18111"
},
{
"name" : "16096",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16096"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14332"
},
{
"name": "18111",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18111"
},
{
"name": "16096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16096"
}
]
}
}

160
2005/2xxx/CVE-2005-2613.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050815 Vulnerability found in CPAINT Ajax Toolkit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/408130"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=488784",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=488784"
},
{
"name" : "14565",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14565"
},
{
"name" : "16462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16462/"
},
{
"name" : "cpaint-script-execution(21846)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21846"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cpaint-script-execution(21846)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21846"
},
{
"name": "14565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14565"
},
{
"name": "16462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16462/"
},
{
"name": "20050815 Vulnerability found in CPAINT Ajax Toolkit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/408130"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=488784",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=488784"
}
]
}
}

250
2005/2xxx/CVE-2005-2665.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050820 [RETRO AUDITING] Elm remote buffer overflow in Expires header",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html"
},
{
"name" : "20050822 ELM < 2.5.8 Remote Exploit POC",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112472951529964&w=2"
},
{
"name" : "GLSA-200510-15",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml"
},
{
"name" : "MDKSA-2005:186",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:186"
},
{
"name" : "RHSA-2005:755",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-755.html"
},
{
"name" : "SA-2005.47",
"refsource" : "SCO",
"url" : "http://www.securityfocus.com/advisories/9670"
},
{
"name" : "SSA:2005-310-03",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056"
},
{
"name" : "SSA:2005-311",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.419306"
},
{
"name" : "14613",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14613"
},
{
"name" : "15117",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15117"
},
{
"name" : "1014745",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014745"
},
{
"name" : "16508",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16508"
},
{
"name" : "16554",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16554"
},
{
"name" : "17475",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17475"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSA:2005-311",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.419306"
},
{
"name": "16508",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16508"
},
{
"name": "1014745",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014745"
},
{
"name": "RHSA-2005:755",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-755.html"
},
{
"name": "GLSA-200510-15",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-15.xml"
},
{
"name": "20050822 ELM < 2.5.8 Remote Exploit POC",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112472951529964&w=2"
},
{
"name": "20050820 [RETRO AUDITING] Elm remote buffer overflow in Expires header",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0688.html"
},
{
"name": "MDKSA-2005:186",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:186"
},
{
"name": "SA-2005.47",
"refsource": "SCO",
"url": "http://www.securityfocus.com/advisories/9670"
},
{
"name": "15117",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15117"
},
{
"name": "17475",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17475"
},
{
"name": "16554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16554"
},
{
"name": "14613",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14613"
},
{
"name": "SSA:2005-310-03",
"refsource": "SLACKWARE",
"url": "http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.423056"
}
]
}
}

190
2005/2xxx/CVE-2005-2875.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://soya.literati.org/",
"refsource" : "MISC",
"url" : "http://soya.literati.org/"
},
{
"name" : "DSA-856",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-856"
},
{
"name" : "GLSA-200509-09",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-09.xml"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=103524",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=103524"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976"
},
{
"name" : "14864",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14864"
},
{
"name" : "16855",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16855"
},
{
"name" : "17106",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Py2Play allows remote attackers to execute arbitrary Python code via pickled objects, which Py2Play unpickles and executes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16855",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16855"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326976"
},
{
"name": "DSA-856",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-856"
},
{
"name": "14864",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14864"
},
{
"name": "17106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17106"
},
{
"name": "http://soya.literati.org/",
"refsource": "MISC",
"url": "http://soya.literati.org/"
},
{
"name": "GLSA-200509-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-09.xml"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=103524",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=103524"
}
]
}
}

34
2005/3xxx/CVE-2005-3898.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3898",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3567. Reason: This candidate is a reservation duplicate of CVE-2005-3567. Notes: All CVE users should reference CVE-2005-3567 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-3898",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3567. Reason: This candidate is a reservation duplicate of CVE-2005-3567. Notes: All CVE users should reference CVE-2005-3567 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

180
2005/4xxx/CVE-2005-4307.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html"
},
{
"name" : "15915",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15915"
},
{
"name" : "ADV-2005-2937",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2937"
},
{
"name" : "21778",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21778"
},
{
"name" : "21777",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21777"
},
{
"name" : "21779",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21779"
},
{
"name" : "18084",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the forum parameter to (1) forum.cgi and (2) post.cgi, or (3) the user parameter to profile.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/scarecrow-message-board-xss-vuln.html"
},
{
"name": "ADV-2005-2937",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2937"
},
{
"name": "21778",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21778"
},
{
"name": "21777",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21777"
},
{
"name": "15915",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15915"
},
{
"name": "21779",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21779"
},
{
"name": "18084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18084"
}
]
}
}

160
2005/4xxx/CVE-2005-4329.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/pafiledb-extreme-edition-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/pafiledb-extreme-edition-sql-inj.html"
},
{
"name" : "15912",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15912"
},
{
"name" : "ADV-2005-2961",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2961"
},
{
"name" : "21822",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21822"
},
{
"name" : "268",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/268"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB Extreme Edition RC 5 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) newsid and (2) id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "268",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/268"
},
{
"name": "ADV-2005-2961",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2961"
},
{
"name": "15912",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15912"
},
{
"name": "http://pridels0.blogspot.com/2005/12/pafiledb-extreme-edition-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/pafiledb-extreme-edition-sql-inj.html"
},
{
"name": "21822",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21822"
}
]
}
}

130
2005/4xxx/CVE-2005-4338.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to \"admin\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ipomonis.com/advisories/Bb_6.zip",
"refsource" : "MISC",
"url" : "http://www.ipomonis.com/advisories/Bb_6.zip"
},
{
"name" : "21617",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21617"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "announcement.pl in Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to gain administrator privileges by setting the context parameter to \"admin\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ipomonis.com/advisories/Bb_6.zip",
"refsource": "MISC",
"url": "http://www.ipomonis.com/advisories/Bb_6.zip"
},
{
"name": "21617",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21617"
}
]
}
}

270
2005/4xxx/CVE-2005-4585.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4585",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4585",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00022.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00022.html"
},
{
"name" : "RHSA-2006:0156",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0156.html"
},
{
"name" : "20060201-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
},
{
"name" : "SUSE-SR:2006:004",
"refsource" : "SUSE",
"url" : "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html"
},
{
"name" : "16076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16076"
},
{
"name" : "oval:org.mitre.oval:def:9678",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9678"
},
{
"name" : "ADV-2005-3095",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3095"
},
{
"name" : "22092",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22092"
},
{
"name" : "18229",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18229"
},
{
"name" : "1015414",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015414"
},
{
"name" : "18426",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18426"
},
{
"name" : "19230",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19230"
},
{
"name" : "19012",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19012"
},
{
"name" : "18911",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18911"
},
{
"name" : "304",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/304"
},
{
"name" : "ethereal-gtp-dissector-dos(23849)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23849"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16076"
},
{
"name": "SUSE-SR:2006:004",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html"
},
{
"name": "18911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18911"
},
{
"name": "19230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19230"
},
{
"name": "ADV-2005-3095",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3095"
},
{
"name": "RHSA-2006:0156",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0156.html"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00022.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00022.html"
},
{
"name": "22092",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22092"
},
{
"name": "1015414",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015414"
},
{
"name": "ethereal-gtp-dissector-dos(23849)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23849"
},
{
"name": "20060201-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
},
{
"name": "19012",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19012"
},
{
"name": "oval:org.mitre.oval:def:9678",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9678"
},
{
"name": "18426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18426"
},
{
"name": "18229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18229"
},
{
"name": "304",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/304"
}
]
}
}

34
2005/4xxx/CVE-2005-4890.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4890",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4890",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2009/0xxx/CVE-2009-0342.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090123 Problems with syscall filtering technologies on Linux",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500377/100/0/threaded"
},
{
"name" : "http://scary.beasts.org/security/CESA-2009-001.html",
"refsource" : "MISC",
"url" : "http://scary.beasts.org/security/CESA-2009-001.html"
},
{
"name" : "http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html",
"refsource" : "MISC",
"url" : "http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html"
},
{
"name" : "http://www.citi.umich.edu/u/provos/systrace/",
"refsource" : "CONFIRM",
"url" : "http://www.citi.umich.edu/u/provos/systrace/"
},
{
"name" : "33417",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33417"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090123 Problems with syscall filtering technologies on Linux",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500377/100/0/threaded"
},
{
"name": "http://scary.beasts.org/security/CESA-2009-001.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2009-001.html"
},
{
"name": "http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2009/01/bypassing-syscall-filtering.html"
},
{
"name": "http://www.citi.umich.edu/u/provos/systrace/",
"refsource": "CONFIRM",
"url": "http://www.citi.umich.edu/u/provos/systrace/"
},
{
"name": "33417",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33417"
}
]
}
}

150
2009/0xxx/CVE-2009-0744.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0744",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0744",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090225 Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501229/100/0/threaded"
},
{
"name" : "33909",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33909"
},
{
"name" : "oval:org.mitre.oval:def:6066",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6066"
},
{
"name" : "safari-feedsuri-dos(48943)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "safari-feedsuri-dos(48943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48943"
},
{
"name": "oval:org.mitre.oval:def:6066",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6066"
},
{
"name": "33909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33909"
},
{
"name": "20090225 Apple Safari 4 Beta feeds: URI NULL Pointer Dereference Denial of Service Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501229/100/0/threaded"
}
]
}
}

180
2009/2xxx/CVE-2009-2140.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090910 Re: OpenOffice.org CVE-2009-2139",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=125258116800739&w=2"
},
{
"name" : "[oss-security] 20090911 Re: OpenOffice.org CVE-2009-2139",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=125265261125765&w=2"
},
{
"name" : "[oss-security] 20090922 Re: [oss-security] OpenOffice.org CVE-2009-2139",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=125363445702917&w=2"
},
{
"name" : "http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55"
},
{
"name" : "MDVSA-2010:035",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
},
{
"name" : "MDVSA-2010:091",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
},
{
"name" : "MDVSA-2010:105",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:105",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:105"
},
{
"name": "MDVSA-2010:091",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:091"
},
{
"name": "http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/ooo-build/ooo-build/commit/?id=49b4e38571912a7d28c4044e5b2bd57e51c77d55"
},
{
"name": "MDVSA-2010:035",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:035"
},
{
"name": "[oss-security] 20090922 Re: [oss-security] OpenOffice.org CVE-2009-2139",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125363445702917&w=2"
},
{
"name": "[oss-security] 20090910 Re: OpenOffice.org CVE-2009-2139",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125258116800739&w=2"
},
{
"name": "[oss-security] 20090911 Re: OpenOffice.org CVE-2009-2139",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125265261125765&w=2"
}
]
}
}

240
2009/2xxx/CVE-2009-2474.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2474",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[neon] 20090818 CVE-2009-2474: fix handling of NUL in SSL cert subject names",
"refsource" : "MLIST",
"url" : "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html"
},
{
"name" : "[neon] 20090818 neon: release 0.28.6 (SECURITY)",
"refsource" : "MLIST",
"url" : "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html"
},
{
"name" : "http://support.apple.com/kb/HT4435",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4435"
},
{
"name" : "APPLE-SA-2010-11-10-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name" : "FEDORA-2009-8794",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html"
},
{
"name" : "FEDORA-2009-8815",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html"
},
{
"name" : "MDVSA-2009:221",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221"
},
{
"name" : "USN-835-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-835-1"
},
{
"name" : "36079",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36079"
},
{
"name" : "oval:org.mitre.oval:def:11721",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11721"
},
{
"name" : "36371",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36371"
},
{
"name" : "36799",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36799"
},
{
"name" : "ADV-2009-2341",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2341"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a '\\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[neon] 20090818 neon: release 0.28.6 (SECURITY)",
"refsource": "MLIST",
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001044.html"
},
{
"name": "[neon] 20090818 CVE-2009-2474: fix handling of NUL in SSL cert subject names",
"refsource": "MLIST",
"url": "http://lists.manyfish.co.uk/pipermail/neon/2009-August/001046.html"
},
{
"name": "http://support.apple.com/kb/HT4435",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4435"
},
{
"name": "ADV-2009-2341",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2341"
},
{
"name": "oval:org.mitre.oval:def:11721",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11721"
},
{
"name": "MDVSA-2009:221",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:221"
},
{
"name": "36079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36079"
},
{
"name": "APPLE-SA-2010-11-10-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
},
{
"name": "36371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36371"
},
{
"name": "USN-835-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-835-1"
},
{
"name": "FEDORA-2009-8815",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00945.html"
},
{
"name": "FEDORA-2009-8794",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00924.html"
},
{
"name": "36799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36799"
}
]
}
}

200
2009/2xxx/CVE-2009-2587.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/dragdopcart-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/dragdopcart-xss.txt"
},
{
"name" : "56065",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/56065"
},
{
"name" : "56066",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/56066"
},
{
"name" : "56067",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/56067"
},
{
"name" : "56069",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/56069"
},
{
"name" : "56070",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/56070"
},
{
"name" : "56071",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/56071"
},
{
"name" : "35925",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35925"
},
{
"name" : "dragdropcart-multiple-xss(51877)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51877"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to assets/js/ddcart.php, the (2) prefix parameter to includes/ajax/getstate.php, the search parameter to (3) index.php and (4) search.php, the (5) redirect parameter to login.php, and the (6) product parameter to productdetail.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dragdropcart-multiple-xss(51877)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51877"
},
{
"name": "35925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35925"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/dragdopcart-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/dragdopcart-xss.txt"
},
{
"name": "56070",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56070"
},
{
"name": "56065",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56065"
},
{
"name": "56067",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56067"
},
{
"name": "56069",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56069"
},
{
"name": "56066",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56066"
},
{
"name": "56071",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56071"
}
]
}
}

120
2009/2xxx/CVE-2009-2633.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8920",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8920",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8920"
}
]
}
}

140
2009/2xxx/CVE-2009-2974.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090823 DoS vulnerability in Google Chrome",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2009-08/0217.html"
},
{
"name" : "20090825 Re: DoS vulnerability in Google Chrome",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2009-08/0236.html"
},
{
"name" : "http://websecurity.com.ua/3435/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/3435/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote attackers to (1) cause a denial of service (application hang) via vectors involving a chromehtml: URI value for the document.location property or (2) cause a denial of service (application hang and CPU consumption) via vectors involving a series of function calls that set a chromehtml: URI value for the document.location property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090823 DoS vulnerability in Google Chrome",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0217.html"
},
{
"name": "20090825 Re: DoS vulnerability in Google Chrome",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-08/0236.html"
},
{
"name": "http://websecurity.com.ua/3435/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3435/"
}
]
}
}

190
2009/3xxx/CVE-2009-3250.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090818 Vtiger CRM 5.0.4 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=125060676515670&w=2"
},
{
"name" : "9450",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9450"
},
{
"name" : "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/",
"refsource" : "MISC",
"url" : "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/"
},
{
"name" : "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt"
},
{
"name" : "36062",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36062"
},
{
"name" : "57237",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/57237"
},
{
"name" : "36309",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36309"
},
{
"name" : "ADV-2009-2319",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2319"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/",
"refsource": "MISC",
"url": "http://www.ush.it/2009/08/18/vtiger-crm-504-multiple-vulnerabilities/"
},
{
"name": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ush/hack-vtigercrm_504/vtigercrm_504.txt"
},
{
"name": "9450",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9450"
},
{
"name": "20090818 Vtiger CRM 5.0.4 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=125060676515670&w=2"
},
{
"name": "36062",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36062"
},
{
"name": "36309",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36309"
},
{
"name": "57237",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/57237"
},
{
"name": "ADV-2009-2319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2319"
}
]
}
}

34
2009/3xxx/CVE-2009-3454.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3454",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2510. Reason: This candidate is a duplicate of CVE-2009-2510. Notes: All CVE users should reference CVE-2009-2510 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-3454",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2510. Reason: This candidate is a duplicate of CVE-2009-2510. Notes: All CVE users should reference CVE-2009-2510 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

120
2009/3xxx/CVE-2009-3739.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-3739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100115 C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508946/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100115 C4 SCADA Security Advisory - Rockwell Automation (Allen Bradley) Multiple Vulnerabilities in Micrologix 1100 & 1400 Series Controllers",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508946/100/0/threaded"
}
]
}
}

250
2009/3xxx/CVE-2009-3995.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3995",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-3995",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
},
{
"name" : "20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2009-52/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-52/"
},
{
"name" : "http://secunia.com/secunia_research/2009-53/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-53/"
},
{
"name" : "http://secunia.com/secunia_research/2009-55/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-55/"
},
{
"name" : "http://forums.winamp.com/showthread.php?threadid=315355",
"refsource" : "CONFIRM",
"url" : "http://forums.winamp.com/showthread.php?threadid=315355"
},
{
"name" : "MDVSA-2010:151",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"name" : "SUSE-SR:2010:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name" : "37374",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37374"
},
{
"name" : "37495",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37495"
},
{
"name" : "40799",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40799"
},
{
"name" : "ADV-2009-3575",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3575"
},
{
"name" : "ADV-2010-1107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name" : "ADV-2010-1957",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1957"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2010:151",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:151"
},
{
"name": "http://secunia.com/secunia_research/2009-53/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-53/"
},
{
"name": "http://secunia.com/secunia_research/2009-52/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-52/"
},
{
"name": "http://forums.winamp.com/showthread.php?threadid=315355",
"refsource": "CONFIRM",
"url": "http://forums.winamp.com/showthread.php?threadid=315355"
},
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "37374",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37374"
},
{
"name": "ADV-2010-1957",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1957"
},
{
"name": "37495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37495"
},
{
"name": "ADV-2009-3575",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3575"
},
{
"name": "20091217 Secunia Research: Winamp Impulse Tracker Instrument Parsing Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508527/100/0/threaded"
},
{
"name": "40799",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40799"
},
{
"name": "20091217 Secunia Research: Winamp Impulse Tracker Sample Parsing Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508526/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2009-55/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-55/"
}
]
}
}

130
2009/4xxx/CVE-2009-4157.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://websecurity.com.ua/3482/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/3482/"
},
{
"name" : "37145",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in index.php in the ProofReader (com_proofreader) component 1.0 RC9 and earlier for Joomla! allow remote attackers to inject arbitrary web script or HTML via the URI, which is not properly handled in (1) 404 or (2) error pages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37145",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37145"
},
{
"name": "http://websecurity.com.ua/3482/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3482/"
}
]
}
}

34
2009/4xxx/CVE-2009-4258.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4258",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4258",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2009/4xxx/CVE-2009-4400.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Parish Administration Database (ste_parish_admin) extension 0.1.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}

170
2009/4xxx/CVE-2009-4463.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091214 Exposing HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow (Not patched)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508449/100/0/threaded"
},
{
"name" : "http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1",
"refsource" : "MISC",
"url" : "http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1"
},
{
"name" : "http://blog.48bits.com/?p=781",
"refsource" : "MISC",
"url" : "http://blog.48bits.com/?p=781"
},
{
"name" : "http://support.intellicom.se/getfile.cfm?FID=151",
"refsource" : "MISC",
"url" : "http://support.intellicom.se/getfile.cfm?FID=151"
},
{
"name" : "VU#902793",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/902793"
},
{
"name" : "61506",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/61506"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61506",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61506"
},
{
"name": "VU#902793",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/902793"
},
{
"name": "http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1",
"refsource": "MISC",
"url": "http://reversemode.com/index.php?option=com_content&task=view&id=65&Itemid=1"
},
{
"name": "http://support.intellicom.se/getfile.cfm?FID=151",
"refsource": "MISC",
"url": "http://support.intellicom.se/getfile.cfm?FID=151"
},
{
"name": "20091214 Exposing HMS HICP Protocol + Intellicom NetBiterConfig.exe Remote Buffer Overflow (Not patched)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508449/100/0/threaded"
},
{
"name": "http://blog.48bits.com/?p=781",
"refsource": "MISC",
"url": "http://blog.48bits.com/?p=781"
}
]
}
}

160
2009/4xxx/CVE-2009-4557.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4557",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4557",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/520564",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/520564"
},
{
"name" : "35710",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35710"
},
{
"name" : "55866",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55866"
},
{
"name" : "35879",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35879"
},
{
"name" : "imageassist-node-title-xss(51786)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51786"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with image-node creation privileges, to inject arbitrary web script or HTML via a node title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/520564",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/520564"
},
{
"name": "imageassist-node-title-xss(51786)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51786"
},
{
"name": "35710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35710"
},
{
"name": "35879",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35879"
},
{
"name": "55866",
"refsource": "OSVDB",
"url": "http://osvdb.org/55866"
}
]
}
}

150
2009/4xxx/CVE-2009-4579.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0912-exploits/joomlaartistavenue-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/joomlaartistavenue-xss.txt"
},
{
"name" : "10818",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10818"
},
{
"name" : "37537",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37537"
},
{
"name" : "artistavenue-itemid-xss(55214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Artist avenue (com_artistavenue) component for Joomla! and Mambo allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37537"
},
{
"name": "artistavenue-itemid-xss(55214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55214"
},
{
"name": "10818",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10818"
},
{
"name": "http://packetstormsecurity.org/0912-exploits/joomlaartistavenue-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/joomlaartistavenue-xss.txt"
}
]
}
}

140
2009/4xxx/CVE-2009-4905.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4905",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4905",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10406",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10406"
},
{
"name" : "37694",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37694"
},
{
"name" : "ADV-2009-3509",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3509"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10406",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10406"
},
{
"name": "37694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37694"
},
{
"name": "ADV-2009-3509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3509"
}
]
}
}

34
2015/0xxx/CVE-2015-0082.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0082",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-0082",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

150
2015/0xxx/CVE-2015-0424.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to IPMI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72181",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72181"
},
{
"name" : "1031594",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031594"
},
{
"name" : "oracle-cpujan2015-cve20150424(100158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to IPMI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-cpujan2015-cve20150424(100158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100158"
},
{
"name": "1031594",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031594"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "72181",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72181"
}
]
}
}

130
2015/0xxx/CVE-2015-0762.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150602 Cisco Unified MeetingPlace Microsoft Outlook Reflected Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39161"
},
{
"name" : "1032470",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032470"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) for Microsoft Outlook allows remote attackers to inject arbitrary web script or HTML via a crafted value in a URL, aka Bug ID CSCuu51400."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032470",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032470"
},
{
"name": "20150602 Cisco Unified MeetingPlace Microsoft Outlook Reflected Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39161"
}
]
}
}

170
2015/0xxx/CVE-2015-0844.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-0844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forums.wesnoth.org/viewtopic.php?t=41870",
"refsource" : "CONFIRM",
"url" : "http://forums.wesnoth.org/viewtopic.php?t=41870"
},
{
"name" : "http://forums.wesnoth.org/viewtopic.php?t=41872",
"refsource" : "CONFIRM",
"url" : "http://forums.wesnoth.org/viewtopic.php?t=41872"
},
{
"name" : "DSA-3218",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3218"
},
{
"name" : "FEDORA-2015-6108",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155031.html"
},
{
"name" : "FEDORA-2015-6280",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155968.html"
},
{
"name" : "FEDORA-2015-6295",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x before 1.12.2 allows remote attackers to read arbitrary files via a crafted (1) campaign or (2) map file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-6295",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156001.html"
},
{
"name": "DSA-3218",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3218"
},
{
"name": "FEDORA-2015-6108",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155031.html"
},
{
"name": "FEDORA-2015-6280",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155968.html"
},
{
"name": "http://forums.wesnoth.org/viewtopic.php?t=41872",
"refsource": "CONFIRM",
"url": "http://forums.wesnoth.org/viewtopic.php?t=41872"
},
{
"name": "http://forums.wesnoth.org/viewtopic.php?t=41870",
"refsource": "CONFIRM",
"url": "http://forums.wesnoth.org/viewtopic.php?t=41870"
}
]
}
}

170
2015/1xxx/CVE-2015-1226.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=456841",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"name" : "https://codereview.chromium.org/910053002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/910053002"
},
{
"name" : "GLSA-201503-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-12"
},
{
"name" : "RHSA-2015:0627",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"name" : "72901",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72901"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=456841",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=456841"
},
{
"name": "72901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72901"
},
{
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "RHSA-2015:0627",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name": "https://codereview.chromium.org/910053002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/910053002"
}
]
}
}

220
2015/1xxx/CVE-2015-1304.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1304",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1304",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html"
},
{
"name" : "https://chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1",
"refsource" : "CONFIRM",
"url" : "https://chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=531891",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=531891"
},
{
"name" : "DSA-3376",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3376"
},
{
"name" : "GLSA-201603-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-09"
},
{
"name" : "RHSA-2015:1841",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1841.html"
},
{
"name" : "openSUSE-SU-2015:1876",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html"
},
{
"name" : "openSUSE-SU-2015:1719",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html"
},
{
"name" : "USN-2757-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2757-1"
},
{
"name" : "76844",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76844"
},
{
"name" : "1033683",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033683"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2757-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2757-1"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html"
},
{
"name": "RHSA-2015:1841",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1841.html"
},
{
"name": "openSUSE-SU-2015:1719",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=531891",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=531891"
},
{
"name": "DSA-3376",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3376"
},
{
"name": "https://chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1",
"refsource": "CONFIRM",
"url": "https://chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "openSUSE-SU-2015:1876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html"
},
{
"name": "1033683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033683"
},
{
"name": "76844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76844"
}
]
}
}

260
2015/1xxx/CVE-2015-1333.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150727 Security issue in Linux Kernel Keyring (CVE-2015-1333)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/27/7"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245658",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245658"
},
{
"name" : "https://github.com/torvalds/linux/commit/ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "DSA-3329",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3329"
},
{
"name" : "RHSA-2015:1778",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1778.html"
},
{
"name" : "RHSA-2015:1787",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1787.html"
},
{
"name" : "USN-2687-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2687-1"
},
{
"name" : "USN-2688-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2688-1"
},
{
"name" : "USN-2689-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2689-1"
},
{
"name" : "USN-2690-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2690-1"
},
{
"name" : "USN-2691-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2691-1"
},
{
"name" : "76050",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the __key_link_end function in security/keys/keyring.c in the Linux kernel before 4.1.4 allows local users to cause a denial of service (memory consumption) via many add_key system calls that refer to existing keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4"
},
{
"name": "USN-2689-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2689-1"
},
{
"name": "USN-2690-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2690-1"
},
{
"name": "RHSA-2015:1778",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1778.html"
},
{
"name": "https://github.com/torvalds/linux/commit/ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0"
},
{
"name": "USN-2691-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2691-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1245658",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245658"
},
{
"name": "DSA-3329",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3329"
},
{
"name": "RHSA-2015:1787",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1787.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "76050",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76050"
},
{
"name": "USN-2688-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2688-1"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ca4da5dd1f99fe9c59f1709fb43e818b18ad20e0"
},
{
"name": "[oss-security] 20150727 Security issue in Linux Kernel Keyring (CVE-2015-1333)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/27/7"
},
{
"name": "USN-2687-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2687-1"
}
]
}
}

170
2015/1xxx/CVE-2015-1474.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1474",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1474",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150311 [CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Mar/63"
},
{
"name" : "http://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html"
},
{
"name" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf",
"refsource" : "MISC",
"url" : "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091"
},
{
"name" : "72788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72788"
},
{
"name" : "1031875",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031875"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72788"
},
{
"name": "20150311 [CVE-2015-1474]Integer overflow leading to heap corruption while unflattening GraphicBuffer",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/63"
},
{
"name": "https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/native/+/38803268570f90e97452cd9a30ac831661829091"
},
{
"name": "1031875",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031875"
},
{
"name": "http://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130778/Google-Android-Integer-Oveflow-Heap-Corruption.html"
},
{
"name": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf",
"refsource": "MISC",
"url": "https://www.blackhat.com/docs/us-15/materials/us-15-Gong-Fuzzing-Android-System-Services-By-Binder-Call-To-Escalate-Privilege.pdf"
}
]
}
}

34
2015/1xxx/CVE-2015-1556.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1556",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1556",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2015/1xxx/CVE-2015-1707.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1707",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1707",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

130
2015/4xxx/CVE-2015-4921.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name" : "1034709",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034709"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034709",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034709"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
}
]
}
}

320
2015/5xxx/CVE-2015-5154.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.citrix.com/article/CTX201593",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX201593"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-138.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-138.html"
},
{
"name" : "DSA-3348",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3348"
},
{
"name" : "FEDORA-2015-12657",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html"
},
{
"name" : "FEDORA-2015-12679",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html"
},
{
"name" : "FEDORA-2015-12714",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html"
},
{
"name" : "GLSA-201510-02",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201510-02"
},
{
"name" : "GLSA-201604-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201604-03"
},
{
"name" : "RHSA-2015:1507",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
},
{
"name" : "RHSA-2015:1508",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
},
{
"name" : "RHSA-2015:1512",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
},
{
"name" : "SUSE-SU-2015:1299",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html"
},
{
"name" : "SUSE-SU-2015:1302",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html"
},
{
"name" : "SUSE-SU-2015:1643",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name" : "SUSE-SU-2015:1455",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html"
},
{
"name" : "SUSE-SU-2015:1409",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html"
},
{
"name" : "SUSE-SU-2015:1421",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name" : "SUSE-SU-2015:1426",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name" : "SUSE-SU-2015:1782",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name" : "76048",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76048"
},
{
"name" : "1033074",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033074"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the IDE subsystem in QEMU, as used in Xen 4.5.x and earlier, when the container has a CDROM drive enabled, allows local guest users to execute arbitrary code on the host via unspecified ATAPI commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76048"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-138.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-138.html"
},
{
"name": "SUSE-SU-2015:1643",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "GLSA-201510-02",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-02"
},
{
"name": "1033074",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033074"
},
{
"name": "DSA-3348",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "SUSE-SU-2015:1782",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00019.html"
},
{
"name": "RHSA-2015:1508",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
},
{
"name": "RHSA-2015:1507",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
},
{
"name": "FEDORA-2015-12714",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163681.html"
},
{
"name": "RHSA-2015:1512",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
},
{
"name": "SUSE-SU-2015:1455",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00022.html"
},
{
"name": "SUSE-SU-2015:1299",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00041.html"
},
{
"name": "SUSE-SU-2015:1426",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00020.html"
},
{
"name": "FEDORA-2015-12657",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163658.html"
},
{
"name": "SUSE-SU-2015:1421",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name": "GLSA-201604-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201604-03"
},
{
"name": "SUSE-SU-2015:1302",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00042.html"
},
{
"name": "SUSE-SU-2015:1409",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00017.html"
},
{
"name": "http://support.citrix.com/article/CTX201593",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX201593"
},
{
"name": "FEDORA-2015-12679",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163472.html"
}
]
}
}

34
2015/5xxx/CVE-2015-5215.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5215",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5215",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/5xxx/CVE-2015-5308.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapid.dhs.org/advisory.php?v=155",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisory.php?v=155"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8221",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8221"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in cs_admin_users.php in the wp-championship plugin 5.8 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) user, (2) isadmin, (3) mail service, (4) mailresceipt, (5) stellv, (6) champtipp, (7) tippgroup, or (8) userid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8221",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8221"
},
{
"name": "http://www.vapid.dhs.org/advisory.php?v=155",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=155"
}
]
}
}

188
2018/1002xxx/CVE-2018-1002101.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "jordan@liggitt.net",
"DATE_ASSIGNED" : "2018-05-31",
"ID" : "CVE-2018-1002101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Kubernetes",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "v1.9.10"
},
{
"version_affected" : "<",
"version_value" : "v1.10.6"
},
{
"version_affected" : "<",
"version_value" : "v1.11.2"
}
]
}
}
]
},
"vendor_name" : "Kubernetes"
}
]
}
},
"credit" : [
"Reported by Tim Allclair"
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 5.9,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "argument injection"
}
"CVE_data_meta": {
"ASSIGNER": "jordan@liggitt.net",
"DATE_ASSIGNED": "2018-05-31",
"ID": "CVE-2018-1002101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Kubernetes",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "v1.9.10"
},
{
"version_affected": "<",
"version_value": "v1.10.6"
},
{
"version_affected": "<",
"version_value": "v1.11.2"
}
]
}
}
]
},
"vendor_name": "Kubernetes"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/kubernetes/kubernetes/issues/65750",
"refsource" : "CONFIRM",
"url" : "https://github.com/kubernetes/kubernetes/issues/65750"
},
{
"name" : "106238",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106238"
}
]
}
}
}
},
"credit": [
"Reported by Tim Allclair"
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Kubernetes versions 1.9.0-1.9.9, 1.10.0-1.10.5, and 1.11.0-1.11.1, user input was handled insecurely while setting up volume mounts on Windows nodes, which could lead to command line argument injection."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "argument injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kubernetes/kubernetes/issues/65750",
"refsource": "CONFIRM",
"url": "https://github.com/kubernetes/kubernetes/issues/65750"
},
{
"name": "106238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106238"
}
]
}
}

126
2018/1999xxx/CVE-2018-1999003.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-18T10:18:03.883568",
"DATE_REQUESTED" : "2018-07-18T00:00:00",
"ID" : "CVE-2018-1999003",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.132 and earlier, 2.121.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-18T10:18:03.883568",
"DATE_REQUESTED": "2018-07-18T00:00:00",
"ID": "CVE-2018-1999003",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-891",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Improper authorization vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in Queue.java that allows attackers with Overall/Read permission to cancel queued builds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-891",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-891"
}
]
}
}

180
2018/3xxx/CVE-2018-3155.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3155",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.7.23 and prior"
},
{
"version_affected" : "=",
"version_value" : "8.0.12 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3155",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.23 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.12 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name" : "RHSA-2018:3655",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name" : "USN-3799-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3799-1/"
},
{
"name" : "105594",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105594"
},
{
"name" : "1041888",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Parser). Supported versions that are affected are 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 7.7 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. While the vulnerability is in MySQL Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "RHSA-2018:3655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name": "USN-3799-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3799-1/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105594"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
}
]
}
}

142
2018/3xxx/CVE-2018-3955.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-10-16T00:00:00",
"ID" : "CVE-2018-3955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ESeries E1200",
"version" : {
"version_data" : [
{
"version_value" : "Firmware Version 2.0.09"
}
]
}
},
{
"product_name" : "ESeries E2500",
"version" : {
"version_data" : [
{
"version_value" : "Firmware Version 3.0.04"
}
]
}
}
]
},
"vendor_name" : "Linksys"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "OS Command Injection"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-3955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESeries E1200",
"version": {
"version_data": [
{
"version_value": "Firmware Version 2.0.09"
}
]
}
},
{
"product_name": "ESeries E2500",
"version": {
"version_data": [
{
"version_value": "Firmware Version 3.0.04"
}
]
}
}
]
},
"vendor_name": "Linksys"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
]
}
}

150
2018/6xxx/CVE-2018-6194.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6194",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6194",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180126 [CVE-2018-6194, CVE-2018-6195] PHP Object Injection + XSS in WordPress Splashing Images Plugin",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jan/91"
},
{
"name" : "http://packetstormsecurity.com/files/146109/WordPress-Splashing-Images-2.1-Cross-Site-Scripting-PHP-Object-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/146109/WordPress-Splashing-Images-2.1-Cross-Site-Scripting-PHP-Object-Injection.html"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/9016",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/9016"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset/1807349/wp-splashing-images",
"refsource" : "CONFIRM",
"url" : "https://plugins.trac.wordpress.org/changeset/1807349/wp-splashing-images"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/9016",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/9016"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1807349/wp-splashing-images",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1807349/wp-splashing-images"
},
{
"name": "20180126 [CVE-2018-6194, CVE-2018-6195] PHP Object Injection + XSS in WordPress Splashing Images Plugin",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jan/91"
},
{
"name": "http://packetstormsecurity.com/files/146109/WordPress-Splashing-Images-2.1-Cross-Site-Scripting-PHP-Object-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146109/WordPress-Splashing-Images-2.1-Cross-Site-Scripting-PHP-Object-Injection.html"
}
]
}
}

120
2018/6xxx/CVE-2018-6479.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/dreadlocked/netwave-dosvulnerability",
"refsource" : "MISC",
"url" : "https://github.com/dreadlocked/netwave-dosvulnerability"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on Netwave IP Camera devices. An unauthenticated attacker can crash a device by sending a POST request with a huge body size to the / URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dreadlocked/netwave-dosvulnerability",
"refsource": "MISC",
"url": "https://github.com/dreadlocked/netwave-dosvulnerability"
}
]
}
}

122
2018/6xxx/CVE-2018-6515.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@puppet.com",
"DATE_PUBLIC" : "2018-06-11T00:00:00",
"ID" : "CVE-2018-6515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Puppet Agent",
"version" : {
"version_data" : [
{
"version_value" : "Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2"
}
]
}
}
]
},
"vendor_name" : "Puppet"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Arbitrary Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"DATE_PUBLIC": "2018-06-11T00:00:00",
"ID": "CVE-2018-6515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Agent",
"version": {
"version_data": [
{
"version_value": "Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://puppet.com/security/cve/CVE-2018-6515",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/CVE-2018-6515"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Arbitrary Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2018-6515",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2018-6515"
}
]
}
}

34
2018/6xxx/CVE-2018-6709.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6709",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6709",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/6xxx/CVE-2018-6826.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://stacksmashing.net/CVE-2018-6826.html",
"refsource" : "MISC",
"url" : "http://stacksmashing.net/CVE-2018-6826.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on VOBOT CLOCK before 0.99.30 devices. Cleartext HTTP is used to download a breakout program, and therefore man-in-the-middle attackers can execute arbitrary code by watching for a local user to launch the Breakout Easter Egg feature, and then sending a crafted HTTP response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://stacksmashing.net/CVE-2018-6826.html",
"refsource": "MISC",
"url": "http://stacksmashing.net/CVE-2018-6826.html"
}
]
}
}

34
2018/7xxx/CVE-2018-7424.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7424",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7424",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7597.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7597",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7597",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7616.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7616",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7616",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7623.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7623",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7623",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7983.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7983",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7983",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

178
2018/8xxx/CVE-2018-8160.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8160",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Word",
"version" : {
"version_data" : [
{
"version_value" : "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
},
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "Compatibility Pack Service Pack 3"
},
{
"version_value" : "Web Apps Server 2010 Service Pack 2"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists in Outlook when a message is opened, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Word, Microsoft Office."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8160",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Word",
"version": {
"version_data": [
{
"version_value": "Automation Services on Microsoft SharePoint Server 2010 Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "Compatibility Pack Service Pack 3"
},
{
"version_value": "Web Apps Server 2010 Service Pack 2"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160"
},
{
"name" : "104051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104051"
},
{
"name" : "1040852",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040852"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in Outlook when a message is opened, aka \"Microsoft Outlook Information Disclosure Vulnerability.\" This affects Word, Microsoft Office."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040852"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8160"
},
{
"name": "104051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104051"
}
]
}
}

460
2018/8xxx/CVE-2018-8481.json
View File

@ -1,232 +1,232 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8481",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2019",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "Version 1809 for 32-bit Systems"
},
{
"version_value" : "Version 1809 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka \"Windows Media Player Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8481",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8481"
},
{
"name" : "105452",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105452"
},
{
"name" : "1041829",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041829"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Windows Media Player improperly discloses file information, aka \"Windows Media Player Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8482."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105452"
},
{
"name": "1041829",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041829"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8481",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8481"
}
]
}
}

34
2018/8xxx/CVE-2018-8645.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8645",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8645",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/8xxx/CVE-2018-8737.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers \"Book Me\" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-bookme_17.html",
"refsource" : "MISC",
"url" : "https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-bookme_17.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bookme Control Panel 2.0 Application is vulnerable to stored XSS within the Customers \"Book Me\" function. Within the Name and Note (aka custName and custNote) sections of the Customers screen, the application does not sanitize user-supplied input and renders injected JavaScript code to the user's browser."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-bookme_17.html",
"refsource": "MISC",
"url": "https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-bookme_17.html"
}
]
}
}

120
2018/8xxx/CVE-2018-8893.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8893",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8893",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.secz.org/0day/2569.html",
"refsource" : "MISC",
"url" : "https://www.secz.org/0day/2569.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ability to execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.secz.org/0day/2569.html",
"refsource": "MISC",
"url": "https://www.secz.org/0day/2569.html"
}
]
}
}