admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:55:53 +00:00
parent 0b8cbb59f7
commit 28fb3b5ef3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4290 additions and 4290 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

238
2002/0xxx/CVE-2002-0713.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0713",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name" : "RHSA-2002:051",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name" : "RHSA-2002:130",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name" : "CSSA-2002-046.0",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name" : "MDKSA-2002:044",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
},
{
"name" : "20020715 TSLSA-2002-0062 - squid",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102674543407606&w=2"
},
{
"name" : "5155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5155"
},
{
"name" : "5156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5156"
},
{
"name" : "5157",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5157"
},
{
"name" : "squid-msnt-helper-bo(9482)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9482.php"
},
{
"name" : "squid-gopher-bo(9480)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9480.php"
},
{
"name" : "squid-ftp-dir-bo(9481)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9481.php"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code (1) via the MSNT auth helper (msnt_auth) when using denyusers or allowusers files, (2) via the gopher client, or (3) via the FTP server directory listing parser when HTML output is generated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "squid-ftp-dir-bo(9481)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9481.php"
},
{
"name": "20020715 TSLSA-2002-0062 - squid",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102674543407606&w=2"
},
{
"name": "CSSA-2002-046.0",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt"
},
{
"name": "squid-gopher-bo(9480)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9480.php"
},
{
"name": "5157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5157"
},
{
"name": "squid-msnt-helper-bo(9482)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9482.php"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.4/bugs/",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.4/bugs/"
},
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "5155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5155"
},
{
"name": "5156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5156"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_3.txt"
},
{
"name": "RHSA-2002:130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-130.html"
},
{
"name": "MDKSA-2002:044",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php"
}
]
}
}

138
2002/2xxx/CVE-2002-2312.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/283866"
},
{
"name" : "20020724 Re: Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/284096"
},
{
"name" : "5290",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5290"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera 6.0.1 allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020723 Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/283866"
},
{
"name": "20020724 Re: Pressing CTRL in IE is dangerous - Sandblad advisory #8",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/284096"
},
{
"name": "5290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5290"
}
]
}
}

138
2005/0xxx/CVE-2005-0426.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0426",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via \"Heavy UDP Usage\" that triggers a NULL dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "57728",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57728-1"
},
{
"name" : "12385",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12385"
},
{
"name" : "solaris-udp-end-point-dos(19119)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19119"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via \"Heavy UDP Usage\" that triggers a NULL dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57728",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57728-1"
},
{
"name": "solaris-udp-end-point-dos(19119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19119"
},
{
"name": "12385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12385"
}
]
}
}

118
2005/0xxx/CVE-2005-0620.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14455",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14455"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14455"
}
]
}
}

158
2005/0xxx/CVE-2005-0782.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050312 [SECURITYREASON.COM] SQL injection and XSS in paFileDB",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111065796525043&w=2"
},
{
"name" : "20050330 PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111221940107161&w=2"
},
{
"name" : "http://digitalparadox.org/advisories/pafdb.txt",
"refsource" : "MISC",
"url" : "http://digitalparadox.org/advisories/pafdb.txt"
},
{
"name" : "12788",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12788"
},
{
"name" : "pafiledb-viewall-category-xss(19690)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19690"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://digitalparadox.org/advisories/pafdb.txt",
"refsource": "MISC",
"url": "http://digitalparadox.org/advisories/pafdb.txt"
},
{
"name": "20050312 [SECURITYREASON.COM] SQL injection and XSS in paFileDB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111065796525043&w=2"
},
{
"name": "pafiledb-viewall-category-xss(19690)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19690"
},
{
"name": "12788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12788"
},
{
"name": "20050330 PaFileDB Version 3.1 and below are exploitable via a XSS and a SQL injection vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111221940107161&w=2"
}
]
}
}

138
2005/0xxx/CVE-2005-0811.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#131828",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/131828"
},
{
"name" : "12843",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12843"
},
{
"name" : "14617",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14617"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14617"
},
{
"name": "VU#131828",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/131828"
},
{
"name": "12843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12843"
}
]
}
}

118
2005/0xxx/CVE-2005-0931.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0931",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0931",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12926"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12926"
}
]
}
}

138
2005/1xxx/CVE-2005-1113.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111343406309969&w=2"
},
{
"name" : "http://www.digitalparadox.org/advisories/phpbbp.txt",
"refsource" : "MISC",
"url" : "http://www.digitalparadox.org/advisories/phpbbp.txt"
},
{
"name" : "phpbb-multiple-modules-xss(20085)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20085"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbb-multiple-modules-xss(20085)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20085"
},
{
"name": "http://www.digitalparadox.org/advisories/phpbbp.txt",
"refsource": "MISC",
"url": "http://www.digitalparadox.org/advisories/phpbbp.txt"
},
{
"name": "20050413 Multiple Sql injection and XSS vulnerabilities in phpBB Plus and below and some of its modules",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111343406309969&w=2"
}
]
}
}

168
2005/1xxx/CVE-2005-1382.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1382",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050428 File appending vulnerability in Oracle Webcache 9i",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111472615519295&w=2"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html"
},
{
"name" : "13420",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13420"
},
{
"name" : "15909",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15909"
},
{
"name" : "15143",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15143"
},
{
"name" : "oracle9ias-application-cache-file-corruption(20310)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20310"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_webcache_append_file_vulnerabilitiy.html"
},
{
"name": "20050428 File appending vulnerability in Oracle Webcache 9i",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111472615519295&w=2"
},
{
"name": "15143",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15143"
},
{
"name": "15909",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15909"
},
{
"name": "13420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13420"
},
{
"name": "oracle9ias-application-cache-file-corruption(20310)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20310"
}
]
}
}

178
2005/1xxx/CVE-2005-1462.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1462",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1462",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00019.html"
},
{
"name" : "http://www.ethereal.com/news/item_20050504_01.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/news/item_20050504_01.html"
},
{
"name" : "CLSA-2005:963",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963"
},
{
"name" : "FLSA-2006:152922",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html"
},
{
"name" : "RHSA-2005:427",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-427.html"
},
{
"name" : "13504",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13504"
},
{
"name" : "oval:org.mitre.oval:def:9713",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9713"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13504"
},
{
"name": "RHSA-2005:427",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-427.html"
},
{
"name": "oval:org.mitre.oval:def:9713",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9713"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00019.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00019.html"
},
{
"name": "FLSA-2006:152922",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html"
},
{
"name": "CLSA-2005:963",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000963"
},
{
"name": "http://www.ethereal.com/news/item_20050504_01.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/news/item_20050504_01.html"
}
]
}
}

128
2005/1xxx/CVE-2005-1779.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1779",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1014048",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014048"
},
{
"name" : "15511",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15511"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in password.asp in MaxWebPortal 1.35, 1.36, 2.0, and 20050418 Next allows remote attackers to execute arbitrary SQL commands via the memKey parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014048",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014048"
},
{
"name": "15511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15511"
}
]
}
}

128
2005/1xxx/CVE-2005-1909.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1909",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a \"</pre><!-\" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://rgod.altervista.org/602_en.html",
"refsource" : "MISC",
"url" : "http://rgod.altervista.org/602_en.html"
},
{
"name" : "1014105",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014105"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web server control panel in 602LAN SUITE 2004 allows remote attackers to make it more difficult for the administrator to read portions of log files via a \"</pre><!-\" sequence in an HTTP GET request in the logon, possibly due to a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014105",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014105"
},
{
"name": "http://rgod.altervista.org/602_en.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/602_en.html"
}
]
}
}

148
2005/4xxx/CVE-2005-4334.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4334",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060411 ZixForum vendor ack/fix",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2006-April/000687.html"
},
{
"name" : "16406",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16406"
},
{
"name" : "22096",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22096"
},
{
"name" : "1015359",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015359"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ZixForum 1.12 allows remote attackers to execute arbitrary SQL commands via the H_ID parameter to (1) zixforum/forum.asp, as used in (2) Headforums.asp and (3) Subject.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20060411 ZixForum vendor ack/fix",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-April/000687.html"
},
{
"name": "1015359",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015359"
},
{
"name": "16406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16406"
},
{
"name": "22096",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22096"
}
]
}
}

128
2005/4xxx/CVE-2005-4730.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to \"problematic seeding\" of the random number generator, possibly predictable seeds."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pear.php.net/package/Text_Password/download/",
"refsource" : "CONFIRM",
"url" : "http://pear.php.net/package/Text_Password/download/"
},
{
"name" : "23825",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23825"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to \"problematic seeding\" of the random number generator, possibly predictable seeds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23825",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23825"
},
{
"name": "http://pear.php.net/package/Text_Password/download/",
"refsource": "CONFIRM",
"url": "http://pear.php.net/package/Text_Password/download/"
}
]
}
}

168
2009/0xxx/CVE-2009-0244.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090119 Microsoft Bluetooth Stack OBEX Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500199/100/0/threaded"
},
{
"name" : "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html",
"refsource" : "MISC",
"url" : "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html"
},
{
"name" : "33359",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33359"
},
{
"name" : "33598",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33598"
},
{
"name" : "4938",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/4938"
},
{
"name" : "winmobile-obexftp-directory-traversal(48124)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48124"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. (dot dot) in a pathname. NOTE: this can be leveraged for code execution by writing to a Startup folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33598",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33598"
},
{
"name": "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://www.seguridadmobile.com/windows-mobile/windows-mobile-security/Microsoft-Bluetooth-Stack-Directory-Traversal.html"
},
{
"name": "20090119 Microsoft Bluetooth Stack OBEX Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500199/100/0/threaded"
},
{
"name": "4938",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4938"
},
{
"name": "33359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33359"
},
{
"name": "winmobile-obexftp-directory-traversal(48124)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48124"
}
]
}
}

138
2009/0xxx/CVE-2009-0530.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0530",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to includes/tar_lib/pcltar.lib.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0530",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8017",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8017"
},
{
"name" : "33705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33705"
},
{
"name" : "33865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33865"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in SnippetMaster 2.2.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _SESSION[SCRIPT_PATH] parameter to includes/vars.inc.php and the (2) g_pcltar_lib_dir parameter to includes/tar_lib/pcltar.lib.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8017",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8017"
},
{
"name": "33865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33865"
},
{
"name": "33705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33705"
}
]
}
}

188
2009/0xxx/CVE-2009-0668.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0668",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities",
"refsource" : "MLIST",
"url" : "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
},
{
"name" : "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2",
"refsource" : "CONFIRM",
"url" : "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
},
{
"name" : "35987",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35987"
},
{
"name" : "56827",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56827"
},
{
"name" : "36204",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36204"
},
{
"name" : "36205",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36205"
},
{
"name" : "ADV-2009-2217",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2217"
},
{
"name" : "zope-protocol-code-execution(52377)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise Objects (ZEO) database sharing is enabled, allows remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2217",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2217"
},
{
"name": "36204",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36204"
},
{
"name": "zope-protocol-code-execution(52377)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52377"
},
{
"name": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2",
"refsource": "CONFIRM",
"url": "http://pypi.python.org/pypi/ZODB3/3.8.2#whats-new-in-zodb-3-8-2"
},
{
"name": "36205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36205"
},
{
"name": "[zope-announce] 20090806 CVE-2009-0668 and CVE-2009-0669: Releases to fix ZODB ZEO server vulnerabilities",
"refsource": "MLIST",
"url": "http://mail.zope.org/pipermail/zope-announce/2009-August/002220.html"
},
{
"name": "56827",
"refsource": "OSVDB",
"url": "http://osvdb.org/56827"
},
{
"name": "35987",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35987"
}
]
}
}

168
2009/0xxx/CVE-2009-0715.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain \"access\" or \"extended privileges\" via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02414",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124025839111157&w=2"
},
{
"name" : "SSRT080185",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124025839111157&w=2"
},
{
"name" : "53881",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53881"
},
{
"name" : "1022084",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022084"
},
{
"name" : "34807",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34807"
},
{
"name" : "ADV-2009-1109",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1109"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials 6.0.2 through 6.0.4 allows remote authenticated users to obtain \"access\" or \"extended privileges\" via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT080185",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124025839111157&w=2"
},
{
"name": "ADV-2009-1109",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1109"
},
{
"name": "HPSBMA02414",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124025839111157&w=2"
},
{
"name": "1022084",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022084"
},
{
"name": "53881",
"refsource": "OSVDB",
"url": "http://osvdb.org/53881"
},
{
"name": "34807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34807"
}
]
}
}

158
2009/0xxx/CVE-2009-0937.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes)",
"refsource" : "MLIST",
"url" : "http://archives.seul.org/or/announce/Feb-2009/msg00000.html"
},
{
"name" : "GLSA-200904-11",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200904-11.xml"
},
{
"name" : "33713",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33713"
},
{
"name" : "33880",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33880"
},
{
"name" : "34583",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34583"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Tor before 0.2.0.34 allows directory mirrors to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34583",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34583"
},
{
"name": "[or-announce] 20090209 Tor 0.2.0.34 is released (security fixes)",
"refsource": "MLIST",
"url": "http://archives.seul.org/or/announce/Feb-2009/msg00000.html"
},
{
"name": "33880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33880"
},
{
"name": "33713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33713"
},
{
"name": "GLSA-200904-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-11.xml"
}
]
}
}

32
2009/1xxx/CVE-2009-1396.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1396",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1396",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

158
2009/1xxx/CVE-2009-1735.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8737",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8737"
},
{
"name" : "35033",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35033"
},
{
"name" : "54599",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54599"
},
{
"name" : "35149",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35149"
},
{
"name" : "vidshare-listingvideo-sql-injection(50635)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50635"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in VidSharePro allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vidshare-listingvideo-sql-injection(50635)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50635"
},
{
"name": "8737",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8737"
},
{
"name": "54599",
"refsource": "OSVDB",
"url": "http://osvdb.org/54599"
},
{
"name": "35149",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35149"
},
{
"name": "35033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35033"
}
]
}
}

248
2009/4xxx/CVE-2009-4270.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20091217 possible vulnerability in ghostscript >= 8.64",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/12/18/1"
},
{
"name" : "[oss-security] 20091218 Re: possible vulnerability in ghostscript >= 8.64",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/12/18/2"
},
{
"name" : "http://bugs.ghostscript.com/show_bug.cgi?id=690829",
"refsource" : "CONFIRM",
"url" : "http://bugs.ghostscript.com/show_bug.cgi?id=690829"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=540760",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=540760"
},
{
"name" : "GLSA-201412-17",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"name" : "MDVSA-2010:134",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"
},
{
"name" : "MDVSA-2010:135",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"
},
{
"name" : "SUSE-SR:2010:014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name" : "USN-961-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-961-1"
},
{
"name" : "37410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37410"
},
{
"name" : "61140",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61140"
},
{
"name" : "37851",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37851"
},
{
"name" : "40580",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40580"
},
{
"name" : "ADV-2009-3597",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3597"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201412-17",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201412-17.xml"
},
{
"name": "[oss-security] 20091218 Re: possible vulnerability in ghostscript >= 8.64",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/2"
},
{
"name": "MDVSA-2010:134",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:134"
},
{
"name": "[oss-security] 20091217 possible vulnerability in ghostscript >= 8.64",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/18/1"
},
{
"name": "USN-961-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-961-1"
},
{
"name": "MDVSA-2010:135",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:135"
},
{
"name": "ADV-2009-3597",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3597"
},
{
"name": "61140",
"refsource": "OSVDB",
"url": "http://osvdb.org/61140"
},
{
"name": "40580",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40580"
},
{
"name": "SUSE-SR:2010:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=540760",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=540760"
},
{
"name": "37851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37851"
},
{
"name": "37410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37410"
},
{
"name": "http://bugs.ghostscript.com/show_bug.cgi?id=690829",
"refsource": "CONFIRM",
"url": "http://bugs.ghostscript.com/show_bug.cgi?id=690829"
}
]
}
}

178
2009/4xxx/CVE-2009-4458.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4458",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4458",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10645",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10645"
},
{
"name" : "37482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37482"
},
{
"name" : "61357",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61357"
},
{
"name" : "61358",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61358"
},
{
"name" : "37972",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37972"
},
{
"name" : "freepbx-tech-xss(55053)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55053"
},
{
"name" : "freepbx-zap-xss(55054)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55054"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 and 2.6.0rc2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) tech parameter to admin/admin/config.php during a trunks display action, the (2) description parameter during an Add Zap Channel action, and (3) unspecified vectors during an Add Recordings action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61357",
"refsource": "OSVDB",
"url": "http://osvdb.org/61357"
},
{
"name": "freepbx-zap-xss(55054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55054"
},
{
"name": "10645",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10645"
},
{
"name": "37972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37972"
},
{
"name": "freepbx-tech-xss(55053)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55053"
},
{
"name": "61358",
"refsource": "OSVDB",
"url": "http://osvdb.org/61358"
},
{
"name": "37482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37482"
}
]
}
}

148
2009/4xxx/CVE-2009-4556.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4556",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4556",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091013 Quick Heal Local Privilege Escalation Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507121/100/0/threaded"
},
{
"name" : "36662",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36662"
},
{
"name" : "37033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37033"
},
{
"name" : "quickheal-quhlpsvc-priv-escalation(53746)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53746"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing executables with Trojan horse programs, as demonstrated by replacing quhlpsvc.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "quickheal-quhlpsvc-priv-escalation(53746)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53746"
},
{
"name": "36662",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36662"
},
{
"name": "20091013 Quick Heal Local Privilege Escalation Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507121/100/0/threaded"
},
{
"name": "37033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37033"
}
]
}
}

158
2009/4xxx/CVE-2009-4575.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10738",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10738"
},
{
"name" : "37503",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37503"
},
{
"name" : "61354",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/61354"
},
{
"name" : "37897",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37897"
},
{
"name" : "qpersonel-personelsira-xss(55128)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55128"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Q-Personel (com_qpersonel) component 1.0.2 RC2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the personel_sira parameter in a sirala action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "61354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61354"
},
{
"name": "37897",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37897"
},
{
"name": "qpersonel-personelsira-xss(55128)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55128"
},
{
"name": "37503",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37503"
},
{
"name": "10738",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10738"
}
]
}
}

158
2009/4xxx/CVE-2009-4577.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4577",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.maxdev.com/Article661.phtml",
"refsource" : "CONFIRM",
"url" : "http://www.maxdev.com/Article661.phtml"
},
{
"name" : "37488",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37488"
},
{
"name" : "61347",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/61347"
},
{
"name" : "37748",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37748"
},
{
"name" : "mdpro-mdforum-index-sql-injection(55138)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55138"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the MDForum module 2.x through 2.07 for MAXdev MDPro allows remote attackers to execute arbitrary SQL commands via the c parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37748"
},
{
"name": "mdpro-mdforum-index-sql-injection(55138)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55138"
},
{
"name": "61347",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61347"
},
{
"name": "37488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37488"
},
{
"name": "http://www.maxdev.com/Article661.phtml",
"refsource": "CONFIRM",
"url": "http://www.maxdev.com/Article661.phtml"
}
]
}
}

158
2012/2xxx/CVE-2012-2048.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2048",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-2048",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-21.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-21.html"
},
{
"name" : "85317",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85317"
},
{
"name" : "1027516",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027516"
},
{
"name" : "50523",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50523"
},
{
"name" : "coldfusion-unspecified-dos(78410)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78410"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50523"
},
{
"name": "85317",
"refsource": "OSVDB",
"url": "http://osvdb.org/85317"
},
{
"name": "1027516",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027516"
},
{
"name": "coldfusion-unspecified-dos(78410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78410"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-21.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-21.html"
}
]
}
}

218
2012/2xxx/CVE-2012-2315.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120103 OpenKM 5.1.7 Privilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0007.html"
},
{
"name" : "20120104 Re: OpenKM 5.1.7 Privilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-01/0021.html"
},
{
"name" : "[oss-security] 20120323 CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/23/6"
},
{
"name" : "[oss-security] 20120323 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/03/23/8"
},
{
"name" : "[oss-security] 20120427 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/27/6"
},
{
"name" : "[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/04/2"
},
{
"name" : "[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/04/13"
},
{
"name" : "51250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/51250"
},
{
"name" : "78105",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/78105"
},
{
"name" : "47424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/47424"
},
{
"name" : "openkm-userpermissions-security-bypass(72112)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72112"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not properly enforce privileges for changing user roles, which allows remote authenticated users to assign administrator privileges to arbitrary users via the userEdit action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120323 CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/6"
},
{
"name": "[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/04/2"
},
{
"name": "51250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51250"
},
{
"name": "20120103 OpenKM 5.1.7 Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0007.html"
},
{
"name": "[oss-security] 20120323 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/03/23/8"
},
{
"name": "20120104 Re: OpenKM 5.1.7 Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-01/0021.html"
},
{
"name": "[oss-security] 20120504 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/04/13"
},
{
"name": "openkm-userpermissions-security-bypass(72112)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72112"
},
{
"name": "[oss-security] 20120427 Re: CVE-request: OpenKM 5.1.7 Privilege Escalation / OS Command Execution (XSRF based)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/27/6"
},
{
"name": "47424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/47424"
},
{
"name": "78105",
"refsource": "OSVDB",
"url": "http://osvdb.org/78105"
}
]
}
}

32
2012/2xxx/CVE-2012-2497.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2497",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3497, CVE-2012-6400. Reason: This candidate is a duplicate of CVE-2012-3497 and CVE-2012-6400. Notes: All CVE users should reference CVE-2012-3497 (an issue in Xen) or CVE-2012-6400 (an issue not in Xen) instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-2497",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3497, CVE-2012-6400. Reason: This candidate is a duplicate of CVE-2012-3497 and CVE-2012-6400. Notes: All CVE users should reference CVE-2012-3497 (an issue in Xen) or CVE-2012-6400 (an issue not in Xen) instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

178
2012/2xxx/CVE-2012-2882.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a \"wild pointer\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name" : "https://chromiumcodereview.appspot.com/10829204",
"refsource" : "CONFIRM",
"url" : "https://chromiumcodereview.appspot.com/10829204"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=140647",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=140647"
},
{
"name" : "https://src.chromium.org/viewvc/chrome?view=rev&revision=150239",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/chrome?view=rev&revision=150239"
},
{
"name" : "openSUSE-SU-2012:1376",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html"
},
{
"name" : "oval:org.mitre.oval:def:15688",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15688"
},
{
"name" : "google-chrome-cve20122882(78839)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78839"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FFmpeg, as used in Google Chrome before 22.0.1229.79, does not properly handle OGG containers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors, related to a \"wild pointer\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=140647",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=140647"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name": "https://chromiumcodereview.appspot.com/10829204",
"refsource": "CONFIRM",
"url": "https://chromiumcodereview.appspot.com/10829204"
},
{
"name": "https://src.chromium.org/viewvc/chrome?view=rev&revision=150239",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/chrome?view=rev&revision=150239"
},
{
"name": "openSUSE-SU-2012:1376",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00012.html"
},
{
"name": "google-chrome-cve20122882(78839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78839"
},
{
"name": "oval:org.mitre.oval:def:15688",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15688"
}
]
}
}

198
2012/2xxx/CVE-2012-2934.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xen 4.0, and 4.1, when running a 64-bit PV guest on \"older\" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Xen-announce] 20120612 [Xen-announce] Xen Security Advisory 9 (CVE-2012-2934) - PV guest\thost DoS (AMD erratum #121)",
"refsource" : "MLIST",
"url" : "http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html"
},
{
"name" : "http://support.amd.com/us/Processor_TechDocs/25759.pdf",
"refsource" : "MISC",
"url" : "http://support.amd.com/us/Processor_TechDocs/25759.pdf"
},
{
"name" : "DSA-2501",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2501"
},
{
"name" : "GLSA-201309-24",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name" : "openSUSE-SU-2012:1572",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name" : "openSUSE-SU-2012:1573",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name" : "53961",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53961"
},
{
"name" : "51413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51413"
},
{
"name" : "55082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55082"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xen 4.0, and 4.1, when running a 64-bit PV guest on \"older\" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (host hang) via sequential execution of instructions across a non-canonical boundary, a different vulnerability than CVE-2012-0217."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55082"
},
{
"name": "http://support.amd.com/us/Processor_TechDocs/25759.pdf",
"refsource": "MISC",
"url": "http://support.amd.com/us/Processor_TechDocs/25759.pdf"
},
{
"name": "53961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53961"
},
{
"name": "51413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51413"
},
{
"name": "GLSA-201309-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201309-24.xml"
},
{
"name": "DSA-2501",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2501"
},
{
"name": "openSUSE-SU-2012:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name": "[Xen-announce] 20120612 [Xen-announce] Xen Security Advisory 9 (CVE-2012-2934) - PV guest\thost DoS (AMD erratum #121)",
"refsource": "MLIST",
"url": "http://lists.xen.org/archives/html/xen-announce/2012-06/msg00002.html"
},
{
"name": "openSUSE-SU-2012:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
}
]
}
}

128
2012/3xxx/CVE-2012-3058.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3058",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3058",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120620 Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-asaipv6"
},
{
"name" : "1027187",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027187"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 8.4 before 8.4(4.1), 8.5 before 8.5(1.11), and 8.6 before 8.6(1.3) allow remote attackers to cause a denial of service (device reload) via IPv6 transit traffic that triggers syslog message 110003, aka Bug ID CSCua27134."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120620 Cisco ASA 5500 Series Adaptive Security Appliances and Cisco Catalyst 6500 Series ASA Services Module Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120620-asaipv6"
},
{
"name": "1027187",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027187"
}
]
}
}

32
2012/3xxx/CVE-2012-3902.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3902",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3902",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

278
2012/3xxx/CVE-2012-3993.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an \"XrayWrapper pollution\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=768101",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=768101"
},
{
"name" : "MDVSA-2012:163",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"
},
{
"name" : "RHSA-2012:1351",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
},
{
"name" : "SUSE-SU-2012:1351",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
},
{
"name" : "USN-1611-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1611-1"
},
{
"name" : "56119",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56119"
},
{
"name" : "86111",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86111"
},
{
"name" : "oval:org.mitre.oval:def:16718",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16718"
},
{
"name" : "50856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50856"
},
{
"name" : "50892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50892"
},
{
"name" : "50904",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50904"
},
{
"name" : "50935",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50935"
},
{
"name" : "50936",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50936"
},
{
"name" : "50984",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50984"
},
{
"name" : "55318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/55318"
},
{
"name" : "firefox-cow-privilege-escalation(79153)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79153"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 does not properly interact with failures of InstallTrigger methods, which allows remote attackers to execute arbitrary JavaScript code with chrome privileges via a crafted web site, related to an \"XrayWrapper pollution\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50904",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50904"
},
{
"name": "50984",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50984"
},
{
"name": "50935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50935"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-83.html"
},
{
"name": "50856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50856"
},
{
"name": "50892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50892"
},
{
"name": "oval:org.mitre.oval:def:16718",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16718"
},
{
"name": "RHSA-2012:1351",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
},
{
"name": "firefox-cow-privilege-escalation(79153)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79153"
},
{
"name": "50936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50936"
},
{
"name": "86111",
"refsource": "OSVDB",
"url": "http://osvdb.org/86111"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=768101",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=768101"
},
{
"name": "55318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/55318"
},
{
"name": "SUSE-SU-2012:1351",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
},
{
"name": "MDVSA-2012:163",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"
},
{
"name": "USN-1611-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1611-1"
},
{
"name": "56119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56119"
}
]
}
}

128
2012/6xxx/CVE-2012-6026.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6026",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-6026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=28436",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=28436"
},
{
"name" : "20130228 Cisco Aironet Access Point Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6026"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via crafted HTTP requests, aka Bug ID CSCuc62460."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28436",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=28436"
},
{
"name": "20130228 Cisco Aironet Access Point Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6026"
}
]
}
}

178
2012/6xxx/CVE-2012-6057.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6057",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6057",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-34.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-34.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800"
},
{
"name" : "openSUSE-SU-2012:1633",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html"
},
{
"name" : "openSUSE-SU-2013:0151",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html"
},
{
"name" : "oval:org.mitre.oval:def:15883",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15883"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_eigrp_metric_comm function in epan/dissectors/packet-eigrp.c in the EIGRP dissector in Wireshark 1.8.x before 1.8.4 uses the wrong data type for a certain offset value, which allows remote attackers to cause a denial of service (integer overflow and infinite loop) via a malformed packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-eigrp.c?r1=45408&r2=45407&pathrev=45408"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2012-34.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-34.html"
},
{
"name": "openSUSE-SU-2012:1633",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00022.html"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=45408"
},
{
"name": "openSUSE-SU-2013:0151",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00042.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7800"
},
{
"name": "oval:org.mitre.oval:def:15883",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15883"
}
]
}
}

208
2012/6xxx/CVE-2012-6080.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/12/30/6"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name" : "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52",
"refsource" : "CONFIRM",
"url" : "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52"
},
{
"name" : "http://moinmo.in/SecurityFixes",
"refsource" : "CONFIRM",
"url" : "http://moinmo.in/SecurityFixes"
},
{
"name" : "DSA-2593",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2593"
},
{
"name" : "USN-1680-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1680-1"
},
{
"name" : "57076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/57076"
},
{
"name" : "51663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51663"
},
{
"name" : "51676",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51676"
},
{
"name" : "51696",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51696"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "57076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/57076"
},
{
"name": "http://moinmo.in/SecurityFixes",
"refsource": "CONFIRM",
"url": "http://moinmo.in/SecurityFixes"
},
{
"name": "51663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51663"
},
{
"name": "DSA-2593",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2593"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599"
},
{
"name": "51676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51676"
},
{
"name": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52",
"refsource": "CONFIRM",
"url": "http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52"
},
{
"name": "51696",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51696"
},
{
"name": "USN-1680-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1680-1"
},
{
"name": "[oss-security] 20121229 Re: CVE request: MoinMoin Wiki (path traversal vulnerability)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/12/30/6"
}
]
}
}

138
2012/6xxx/CVE-2012-6658.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20063",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/20063"
},
{
"name" : "84112",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/84112"
},
{
"name" : "49978",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49978/"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the (1) syslocation, (2) syscontact, or (3) sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different vulnerability types."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49978",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49978/"
},
{
"name": "84112",
"refsource": "OSVDB",
"url": "http://osvdb.org/84112"
},
{
"name": "20063",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20063"
}
]
}
}

148
2015/5xxx/CVE-2015-5266.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150921 Moodle security release",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/09/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=320290",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=320290"
},
{
"name" : "1033619",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033619"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The enrol_meta_sync function in enrol/meta/locallib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to obtain manager privileges in opportunistic circumstances by leveraging incorrect role processing during a long-running sync script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=320290",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=320290"
},
{
"name": "[oss-security] 20150921 Moodle security release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/1"
},
{
"name": "1033619",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033619"
}
]
}
}

178
2015/5xxx/CVE-2015-5309.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5309",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5309",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html",
"refsource" : "CONFIRM",
"url" : "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html"
},
{
"name" : "DSA-3409",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3409"
},
{
"name" : "FEDORA-2015-3d17682c15",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html"
},
{
"name" : "FEDORA-2015-5ad4a1f151",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html"
},
{
"name" : "GLSA-201606-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201606-01"
},
{
"name" : "openSUSE-SU-2015:2023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html"
},
{
"name" : "1034308",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034308"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the terminal emulator in PuTTY before 0.66 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an ECH (erase characters) escape sequence with a large parameter value, which triggers a buffer underflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3409",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3409"
},
{
"name": "FEDORA-2015-3d17682c15",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173021.html"
},
{
"name": "FEDORA-2015-5ad4a1f151",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173094.html"
},
{
"name": "1034308",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034308"
},
{
"name": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html",
"refsource": "CONFIRM",
"url": "http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html"
},
{
"name": "GLSA-201606-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-01"
},
{
"name": "openSUSE-SU-2015:2023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00099.html"
}
]
}
}

138
2015/5xxx/CVE-2015-5537.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A"
},
{
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf"
},
{
"name" : "1033022",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033022"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL layer of the HTTPS service in Siemens RuggedCom ROS before 4.2.0 and ROX II does not properly implement CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a different vulnerability than CVE-2014-3566."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033022",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033022"
},
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-396873.pdf"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-202-03A"
}
]
}
}

138
2015/5xxx/CVE-2015-5634.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://jvn.jp/en/jp/JVN83862346/995707/index.html",
"refsource" : "CONFIRM",
"url" : "http://jvn.jp/en/jp/JVN83862346/995707/index.html"
},
{
"name" : "JVN#83862346",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN83862346/index.html"
},
{
"name" : "JVNDB-2015-000132",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000132"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and before 1.1 for iOS allows attackers to bypass a URL whitelist protection mechanism and obtain API access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://jvn.jp/en/jp/JVN83862346/995707/index.html",
"refsource": "CONFIRM",
"url": "http://jvn.jp/en/jp/JVN83862346/995707/index.html"
},
{
"name": "JVNDB-2015-000132",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000132"
},
{
"name": "JVN#83862346",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN83862346/index.html"
}
]
}
}

168
2015/5xxx/CVE-2015-5851.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "76764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76764"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The convenience initializer in the Multipeer Connectivity component in Apple iOS before 9 does not require an encrypted session, which allows local users to obtain cleartext multipeer data via an encrypted-to-unencrypted downgrade attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

128
2017/2xxx/CVE-2017-2211.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2211",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PatchJGD (Hyoko) (PatchJGDh101.EXE)",
"version" : {
"version_data" : [
{
"version_value" : "ver. 1.0.1"
}
]
}
}
]
},
"vendor_name" : "Geospatial Information Authority of Japan (GSI)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PatchJGD (Hyoko) (PatchJGDh101.EXE)",
"version": {
"version_data": [
{
"version_value": "ver. 1.0.1"
}
]
}
}
]
},
"vendor_name": "Geospatial Information Authority of Japan (GSI)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html",
"refsource" : "CONFIRM",
"url" : "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html"
},
{
"name" : "JVN#52691241",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN52691241/index.html"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in PatchJGD (Hyoko) (PatchJGDh101.EXE) ver. 1.0.1 allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#52691241",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN52691241/index.html"
},
{
"name": "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html",
"refsource": "CONFIRM",
"url": "http://www.gsi.go.jp/sokuchikijun/sokuchikijun41011.html"
}
]
}
}

130
2018/11xxx/CVE-2018-11792.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-10-24T00:00:00",
"ID" : "CVE-2018-11792",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Impala",
"version" : {
"version_data" : [
{
"version_value" : "Apache Impala 3.0.0"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unauthorized access"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-10-24T00:00:00",
"ID": "CVE-2018-11792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Impala",
"version": {
"version_data": [
{
"version_value": "Apache Impala 3.0.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E",
"refsource" : "MISC",
"url" : "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E"
},
{
"name" : "105739",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105739"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. This may pose a potential security risk, such as having ALTER on a table and ALL on a particular database allows a user to move the table to a database with ALL, which will automatically grant that user with ALL privilege on that table due to the privilege inherited from the database."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unauthorized access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105739"
},
{
"name": "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/cba8f18df15af862aa07c584d8dc85c44a199fb8f460edd498059247@%3Cdev.impala.apache.org%3E"
}
]
}
}

118
2018/11xxx/CVE-2018-11899.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index in Data"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While processing radio connection status change events, Radio index is not properly validated in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile and Snapdragon Voice & Music in versions MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Array Index in Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

32
2018/11xxx/CVE-2018-11926.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11926",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11926",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/11xxx/CVE-2018-11937.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11937",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11937",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/15xxx/CVE-2018-15035.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15035",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15035",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2018/15xxx/CVE-2018-15765.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-15T07:10:00.000Z",
"ID" : "CVE-2018-15765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ESRS Virtual Edition",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "3.32.00.08"
}
]
}
}
]
},
"vendor_name" : "DELL EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "LOCAL",
"availabilityImpact" : "NONE",
"baseScore" : 3.4,
"baseSeverity" : "LOW",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "HIGH",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Exposure Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-15T07:10:00.000Z",
"ID": "CVE-2018-15765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESRS Virtual Edition",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "3.32.00.08"
}
]
}
}
]
},
"vendor_name": "DELL EMC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name" : "105694",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105694"
},
{
"name" : "1041877",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041877"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication tokens for querying the application and subsequent attacks."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181015 DSA-2018-157: Dell EMC ESRS Virtual Edition Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/35"
},
{
"name": "105694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105694"
},
{
"name": "1041877",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041877"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

32
2018/15xxx/CVE-2018-15791.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15791",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-15791",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

138
2018/15xxx/CVE-2018-15919.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://seclists.org/oss-sec/2018/q3/180",
"refsource" : "MISC",
"url" : "http://seclists.org/oss-sec/2018/q3/180"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181221-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181221-0001/"
},
{
"name" : "105163",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105163"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or \"oracle\") as a vulnerability.'"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20181221-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181221-0001/"
},
{
"name": "105163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105163"
},
{
"name": "http://seclists.org/oss-sec/2018/q3/180",
"refsource": "MISC",
"url": "http://seclists.org/oss-sec/2018/q3/180"
}
]
}
}

338
2018/3xxx/CVE-2018-3169.json
View File

@ -1,172 +1,172 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181018-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181018-0001/"
},
{
"name" : "DSA-4326",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4326"
},
{
"name" : "RHSA-2018:2942",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2942"
},
{
"name" : "RHSA-2018:2943",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2943"
},
{
"name" : "RHSA-2018:3000",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3000"
},
{
"name" : "RHSA-2018:3001",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3001"
},
{
"name" : "RHSA-2018:3002",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3002"
},
{
"name" : "RHSA-2018:3003",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3003"
},
{
"name" : "RHSA-2018:3350",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3350"
},
{
"name" : "RHSA-2018:3409",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3409"
},
{
"name" : "RHSA-2018:3521",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3521"
},
{
"name" : "RHSA-2018:3533",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3533"
},
{
"name" : "RHSA-2018:3534",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3534"
},
{
"name" : "RHSA-2018:3671",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3671"
},
{
"name" : "RHSA-2018:3672",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3672"
},
{
"name" : "RHSA-2018:3779",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3779"
},
{
"name" : "RHSA-2018:3852",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3852"
},
{
"name" : "USN-3804-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3804-1/"
},
{
"name" : "USN-3824-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3824-1/"
},
{
"name" : "105587",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105587"
},
{
"name" : "1041889",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041889"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot). Supported versions that are affected are Java SE: 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181122 [SECURITY] [DLA 1590-1] openjdk-7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00026.html"
},
{
"name": "105587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105587"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
},
{
"name": "RHSA-2018:2942",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2942"
},
{
"name": "RHSA-2018:3779",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3779"
},
{
"name": "RHSA-2018:3534",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3534"
},
{
"name": "RHSA-2018:3350",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3350"
},
{
"name": "RHSA-2018:3003",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3003"
},
{
"name": "USN-3804-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3804-1/"
},
{
"name": "RHSA-2018:3002",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3002"
},
{
"name": "RHSA-2018:3671",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3671"
},
{
"name": "RHSA-2018:3852",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3852"
},
{
"name": "DSA-4326",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4326"
},
{
"name": "USN-3824-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3824-1/"
},
{
"name": "RHSA-2018:2943",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2943"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "RHSA-2018:3533",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3533"
},
{
"name": "RHSA-2018:3409",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3409"
},
{
"name": "RHSA-2018:3001",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3001"
},
{
"name": "RHSA-2018:3000",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3000"
},
{
"name": "1041889",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041889"
},
{
"name": "RHSA-2018:3672",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3672"
},
{
"name": "RHSA-2018:3521",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3521"
}
]
}
}

32
2018/3xxx/CVE-2018-3340.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3340",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3340",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/3xxx/CVE-2018-3467.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3467",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3467",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

32
2018/3xxx/CVE-2018-3660.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3660",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3660",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/8xxx/CVE-2018-8105.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652",
"refsource" : "MISC",
"url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652"
}
]
}
}

164
2018/8xxx/CVE-2018-8441.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka \"Windows Subsystem for Linux Elevation of Privilege Vulnerability.\" This affects Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441"
},
{
"name" : "105271",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105271"
},
{
"name" : "1041641",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041641"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists due to an integer overflow in Windows Subsystem for Linux, aka \"Windows Subsystem for Linux Elevation of Privilege Vulnerability.\" This affects Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8441"
},
{
"name": "1041641",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041641"
},
{
"name": "105271",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105271"
}
]
}
}

164
2018/8xxx/CVE-2018-8568.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8568",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft SharePoint Server",
"version" : {
"version_data" : [
{
"version_value" : "2019"
}
]
}
},
{
"product_name" : "Microsoft SharePoint",
"version" : {
"version_data" : [
{
"version_value" : "Enterprise Server 2013 Service Pack 1"
},
{
"version_value" : "Enterprise Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2019"
}
]
}
},
{
"product_name": "Microsoft SharePoint",
"version": {
"version_data": [
{
"version_value": "Enterprise Server 2013 Service Pack 1"
},
{
"version_value": "Enterprise Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568"
},
{
"name" : "105829",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105829"
},
{
"name" : "1042136",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042136"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8572."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105829"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8568"
},
{
"name": "1042136",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042136"
}
]
}
}

32
2018/8xxx/CVE-2018-8746.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8746",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8746",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

118
2018/8xxx/CVE-2018-8962.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/libming/libming/issues/130",
"refsource" : "MISC",
"url" : "https://github.com/libming/libming/issues/130"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of decompile.c has a use-after-free. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted swf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libming/libming/issues/130",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/130"
}
]
}
}