admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:41:39 +00:00
parent 573ff48abd
commit 2a70289c6a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3982 additions and 3982 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2002/0xxx/CVE-2002-0683.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020710 wp-02-0012: Carello 1.3 Remote File Execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102631808212876&w=2"
},
{
"name" : "20020710 wp-02-0012: Carello 1.3 Remote File Execution",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0015.html"
},
{
"name" : "carello-local-file-execution(9521)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9521.php"
},
{
"name" : "5192",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5192"
},
{
"name" : "6592",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/6592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Carello 1.3 allows remote attackers to execute programs on the server via a .. (dot dot) in the VBEXE parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020710 wp-02-0012: Carello 1.3 Remote File Execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102631808212876&w=2"
},
{
"name": "5192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5192"
},
{
"name": "20020710 wp-02-0012: Carello 1.3 Remote File Execution",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0015.html"
},
{
"name": "6592",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6592"
},
{
"name": "carello-local-file-execution(9521)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9521.php"
}
]
}
}

140
2002/2xxx/CVE-2002-2365.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2365",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the \"|\" (pipe) character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020630 Simple Wais 1.11 allows users to execute commands as SWAIS deamon.",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0390.html"
},
{
"name" : "5127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5127"
},
{
"name" : "swais-command-execution(9453)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9453.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary commands via the shell metacharacters in the search field, as demonstrated using the \"|\" (pipe) character."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020630 Simple Wais 1.11 allows users to execute commands as SWAIS deamon.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0390.html"
},
{
"name": "5127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5127"
},
{
"name": "swais-command-execution(9453)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9453.php"
}
]
}
}

250
2005/0xxx/CVE-2005-0591.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka \"Firespoofing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050111 Firespoofing [Firefox 1.0]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110547286002188&w=2"
},
{
"name" : "http://www.mikx.de/index.php?p=7",
"refsource" : "MISC",
"url" : "http://www.mikx.de/index.php?p=7"
},
{
"name" : "http://www.mikx.de/firespoofing/",
"refsource" : "MISC",
"url" : "http://www.mikx.de/firespoofing/"
},
{
"name" : "http://www.mozilla.org/security/announce/mfsa2005-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/mfsa2005-16.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=260560",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=260560"
},
{
"name" : "GLSA-200503-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name" : "GLSA-200503-30",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name" : "RHSA-2005:176",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name" : "RHSA-2005:384",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name" : "12234",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12234"
},
{
"name" : "oval:org.mitre.oval:def:100042",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100042"
},
{
"name" : "oval:org.mitre.oval:def:10039",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10039"
},
{
"name" : "13786",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13786"
},
{
"name" : "web-browser-modal-spoofing(18864)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka \"Firespoofing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/mfsa2005-16.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/mfsa2005-16.html"
},
{
"name": "web-browser-modal-spoofing(18864)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18864"
},
{
"name": "13786",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13786"
},
{
"name": "http://www.mikx.de/firespoofing/",
"refsource": "MISC",
"url": "http://www.mikx.de/firespoofing/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=260560",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=260560"
},
{
"name": "20050111 Firespoofing [Firefox 1.0]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110547286002188&w=2"
},
{
"name": "12234",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12234"
},
{
"name": "RHSA-2005:176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "oval:org.mitre.oval:def:100042",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100042"
},
{
"name": "RHSA-2005:384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "oval:org.mitre.oval:def:10039",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10039"
},
{
"name": "GLSA-200503-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "http://www.mikx.de/index.php?p=7",
"refsource": "MISC",
"url": "http://www.mikx.de/index.php?p=7"
}
]
}
}

120
2005/1xxx/CVE-2005-1039.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13053",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13053",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13053"
}
]
}
}

150
2005/1xxx/CVE-2005-1199.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050419 UBB Thread printthread.php SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111393619021575&w=2"
},
{
"name" : "13253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13253"
},
{
"name" : "15698",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15698"
},
{
"name" : "15024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15024"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15698",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15698"
},
{
"name": "15024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15024"
},
{
"name": "13253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13253"
},
{
"name": "20050419 UBB Thread printthread.php SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111393619021575&w=2"
}
]
}
}

160
2005/1xxx/CVE-2005-1442.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1442",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1442",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526"
},
{
"name" : "13447",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13447"
},
{
"name" : "15367",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15367"
},
{
"name" : "1013841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/1013841"
},
{
"name" : "lotus-notesini-bo(20044)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20044"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13447"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21202526"
},
{
"name": "15367",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15367"
},
{
"name": "lotus-notesini-bo(20044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20044"
},
{
"name": "1013841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/1013841"
}
]
}
}

160
2005/1xxx/CVE-2005-1558.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050511 [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111585017832066&w=2"
},
{
"name" : "20050510 [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0225.html"
},
{
"name" : "16446",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16446"
},
{
"name" : "15150",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15150"
},
{
"name" : "nexusway-configuration-modification(20554)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20554"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050510 [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0225.html"
},
{
"name": "15150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15150"
},
{
"name": "20050511 [Scan Associates Advisory] Neteyes Nexusway multiple vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111585017832066&w=2"
},
{
"name": "16446",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16446"
},
{
"name": "nexusway-configuration-modification(20554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20554"
}
]
}
}

130
2005/1xxx/CVE-2005-1798.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.rgod.altervista.org/hacking/news/serverscheck.html",
"refsource" : "MISC",
"url" : "http://www.rgod.altervista.org/hacking/news/serverscheck.html"
},
{
"name" : "1014075",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014075"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rgod.altervista.org/hacking/news/serverscheck.html",
"refsource": "MISC",
"url": "http://www.rgod.altervista.org/hacking/news/serverscheck.html"
},
{
"name": "1014075",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014075"
}
]
}
}

34
2005/4xxx/CVE-2005-4115.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4115",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-4115",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}

140
2005/4xxx/CVE-2005-4766.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA05-103.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/157"
},
{
"name" : "15052",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15052"
},
{
"name" : "17138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA05-103.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/157"
},
{
"name": "15052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15052"
},
{
"name": "17138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17138"
}
]
}
}

310
2005/4xxx/CVE-2005-4881.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[bk-commits-head] 20050629 [NETLINK]: Missing initializations in dumped data",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=git-commits-head&m=112002138324380"
},
{
"name" : "[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/09/05/2"
},
{
"name" : "[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/09/06/2"
},
{
"name" : "[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/09/07/2"
},
{
"name" : "[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/09/17/1"
},
{
"name" : "[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/09/17/9"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=521601",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=521601"
},
{
"name" : "RHSA-2009:1522",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1522.html"
},
{
"name" : "SUSE-SA:2009:064",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"name" : "oval:org.mitre.oval:def:11744",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11744"
},
{
"name" : "37909",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37909"
},
{
"name" : "37084",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090917 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/09/17/9"
},
{
"name": "[oss-security] 20090916 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/09/17/1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=30e744716c4a6cc4e8ecaaddf68f20057c03dc8d"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9ef1d4c7c7aca1cd436612b6ca785b726ffb8ed8"
},
{
"name": "37084",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37084"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.13/ChangeLog-2.6.13-rc1"
},
{
"name": "RHSA-2009:1522",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1522.html"
},
{
"name": "37909",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37909"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.6"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=3408cce0c2f380884070896420ca566704452fb5"
},
{
"name": "oval:org.mitre.oval:def:11744",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11744"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=521601",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=521601"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a47077a0b5aa2649751c46e7a27884e6686ccbf"
},
{
"name": "SUSE-SA:2009:064",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html"
},
{
"name": "[bk-commits-head] 20050629 [NETLINK]: Missing initializations in dumped data",
"refsource": "MLIST",
"url": "http://marc.info/?l=git-commits-head&m=112002138324380"
},
{
"name": "[oss-security] 20090906 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/09/06/2"
},
{
"name": "[oss-security] 20090907 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/09/07/2"
},
{
"name": "[oss-security] 20090905 Re: CVE request: kernel: tc: uninitialised kernel memory leak",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/09/05/2"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=0f3f2328f63c521fe4b435f148687452f98b2349"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b3563c4fbff906991a1b4ef4609f99cca2a0de6a"
}
]
}
}

240
2009/0xxx/CVE-2009-0164.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090417 rPSA-2009-0061-1 cups",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=263070",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=263070"
},
{
"name" : "http://www.cups.org/articles.php?L582",
"refsource" : "CONFIRM",
"url" : "http://www.cups.org/articles.php?L582"
},
{
"name" : "http://www.cups.org/str.php?L3118",
"refsource" : "CONFIRM",
"url" : "http://www.cups.org/str.php?L3118"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=490597",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=490597"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0061",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"name" : "http://support.apple.com/kb/HT3549",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3549"
},
{
"name" : "APPLE-SA-2009-05-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name" : "GLSA-200904-20",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name" : "TA09-133A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name" : "34665",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34665"
},
{
"name" : "35074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35074"
},
{
"name" : "ADV-2009-1297",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=490597",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490597"
},
{
"name": "GLSA-200904-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "http://www.cups.org/str.php?L3118",
"refsource": "CONFIRM",
"url": "http://www.cups.org/str.php?L3118"
},
{
"name": "http://www.cups.org/articles.php?L582",
"refsource": "CONFIRM",
"url": "http://www.cups.org/articles.php?L582"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0061",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=263070",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=263070"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34665"
}
]
}
}

510
2009/0xxx/CVE-2009-0166.json
View File

@ -1,257 +1,257 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090417 rPSA-2009-0061-1 cups",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=490625",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=490625"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0061",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"name" : "DSA-1790",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1790"
},
{
"name" : "DSA-1793",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1793"
},
{
"name" : "FEDORA-2009-6973",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name" : "FEDORA-2009-6982",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name" : "FEDORA-2009-6972",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name" : "GLSA-200904-20",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name" : "MDVSA-2009:101",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name" : "MDVSA-2010:087",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name" : "RHSA-2009:0430",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name" : "RHSA-2009:0429",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name" : "RHSA-2009:0431",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name" : "RHSA-2009:0458",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name" : "RHSA-2009:0480",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name" : "SSA:2009-129-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477"
},
{
"name" : "SUSE-SA:2009:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "34568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34568"
},
{
"name" : "oval:org.mitre.oval:def:9778",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778"
},
{
"name" : "1022073",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022073"
},
{
"name" : "34755",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34755"
},
{
"name" : "34291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34291"
},
{
"name" : "34481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34481"
},
{
"name" : "34852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34852"
},
{
"name" : "34756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34756"
},
{
"name" : "34959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34959"
},
{
"name" : "34963",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34963"
},
{
"name" : "35037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35037"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
},
{
"name" : "34991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34991"
},
{
"name" : "35064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35064"
},
{
"name" : "35618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35618"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "ADV-2009-1065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name" : "ADV-2009-1066",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name" : "ADV-2009-1077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name" : "ADV-2010-1040",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1793",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "GLSA-200904-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-20.xml"
},
{
"name": "34963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0061",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0061"
},
{
"name": "RHSA-2009:0430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "34568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "20090417 rPSA-2009-0061-1 cups",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502750/100/0/threaded"
},
{
"name": "ADV-2010-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34991"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=490625",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=490625"
},
{
"name": "MDVSA-2009:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "34756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:9778",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9778"
},
{
"name": "RHSA-2009:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
}

200
2009/0xxx/CVE-2009-0819.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via \"an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML(),\" which triggers an assertion failure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.mysql.com/bug.php?id=42495",
"refsource" : "CONFIRM",
"url" : "http://bugs.mysql.com/bug.php?id=42495"
},
{
"name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html"
},
{
"name" : "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html"
},
{
"name" : "33972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33972"
},
{
"name" : "oval:org.mitre.oval:def:7544",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544"
},
{
"name" : "1021786",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021786"
},
{
"name" : "34115",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34115"
},
{
"name" : "ADV-2009-0594",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0594"
},
{
"name" : "mysql-xpath-dos(49050)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49050"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via \"an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML(),\" which triggers an assertion failure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-32.html"
},
{
"name": "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/6.0/en/news-6-0-10.html"
},
{
"name": "mysql-xpath-dos(49050)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49050"
},
{
"name": "34115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34115"
},
{
"name": "ADV-2009-0594",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0594"
},
{
"name": "http://bugs.mysql.com/bug.php?id=42495",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/bug.php?id=42495"
},
{
"name": "33972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33972"
},
{
"name": "1021786",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021786"
},
{
"name": "oval:org.mitre.oval:def:7544",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7544"
}
]
}
}

190
2009/0xxx/CVE-2009-0956.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3591",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3591"
},
{
"name" : "APPLE-SA-2009-06-01-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
},
{
"name" : "35162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35162"
},
{
"name" : "oval:org.mitre.oval:def:16188",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16188"
},
{
"name" : "1022314",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022314"
},
{
"name" : "35091",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35091"
},
{
"name" : "ADV-2009-1469",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1469"
},
{
"name" : "quicktime-userdata-code-execution(50896)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50896"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35091"
},
{
"name": "oval:org.mitre.oval:def:16188",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16188"
},
{
"name": "http://support.apple.com/kb/HT3591",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3591"
},
{
"name": "1022314",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022314"
},
{
"name": "ADV-2009-1469",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1469"
},
{
"name": "35162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35162"
},
{
"name": "quicktime-userdata-code-execution(50896)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50896"
},
{
"name": "APPLE-SA-2009-06-01-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00000.html"
}
]
}
}

190
2009/1xxx/CVE-2009-1408.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1408",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090416 webSPELL 4.2.0c XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502732/100/0/threaded"
},
{
"name" : "8453",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8453"
},
{
"name" : "http://www.webspell.org/index.php?site=files&file=25",
"refsource" : "CONFIRM",
"url" : "http://www.webspell.org/index.php?site=files&file=25"
},
{
"name" : "http://www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk",
"refsource" : "CONFIRM",
"url" : "http://www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk"
},
{
"name" : "34595",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34595"
},
{
"name" : "53782",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53782"
},
{
"name" : "34764",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34764"
},
{
"name" : "webspell-bbcode-xss(49937)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53782",
"refsource": "OSVDB",
"url": "http://osvdb.org/53782"
},
{
"name": "8453",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8453"
},
{
"name": "34764",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34764"
},
{
"name": "http://www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk",
"refsource": "CONFIRM",
"url": "http://www.webspell.org/index.php?site=news_comments&newsID=126&lang=uk"
},
{
"name": "34595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34595"
},
{
"name": "20090416 webSPELL 4.2.0c XSS (BYPASS BBCODE) COOKIES STEALING VULNERABILITY",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502732/100/0/threaded"
},
{
"name": "http://www.webspell.org/index.php?site=files&file=25",
"refsource": "CONFIRM",
"url": "http://www.webspell.org/index.php?site=files&file=25"
},
{
"name": "webspell-bbcode-xss(49937)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49937"
}
]
}
}

230
2009/1xxx/CVE-2009-1700.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1700",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1700",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3613",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3613"
},
{
"name" : "http://support.apple.com/kb/HT3639",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3639"
},
{
"name" : "APPLE-SA-2009-06-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name" : "APPLE-SA-2009-06-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "35260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35260"
},
{
"name" : "54973",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54973"
},
{
"name" : "35379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35379"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2009-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name" : "ADV-2009-1621",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 does not properly handle redirects, which allows remote attackers to read XML content from arbitrary web pages via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "54973",
"refsource": "OSVDB",
"url": "http://osvdb.org/54973"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
}
]
}
}

140
2009/1xxx/CVE-2009-1771.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8714",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8714"
},
{
"name" : "35011",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35011"
},
{
"name" : "ADV-2009-1367",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1367"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.php in Flyspeck CMS 6.8 does not require administrative authentication for the updateExistingContent action, which allows remote attackers to create or modify admin accounts via the (1) users[fullname], (2) users[email], (3) users[role_id], (4) users[username], and (5) users[password] parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8714",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8714"
},
{
"name": "35011",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35011"
},
{
"name": "ADV-2009-1367",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1367"
}
]
}
}

150
2009/1xxx/CVE-2009-1814.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1814",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8706",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8706"
},
{
"name" : "34996",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34996"
},
{
"name" : "18269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18269"
},
{
"name" : "ADV-2009-1342",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1342"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1342",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1342"
},
{
"name": "8706",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8706"
},
{
"name": "34996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34996"
},
{
"name": "18269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18269"
}
]
}
}

160
2009/4xxx/CVE-2009-4457.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4457",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Vsftpd Webmin module before 1.3b for the Vsftpd server have unknown impact and attack vectors related to \"Some security issues.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4457",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://freshmeat.net/projects/vsftpdwebmin/releases/310064",
"refsource" : "CONFIRM",
"url" : "http://freshmeat.net/projects/vsftpdwebmin/releases/310064"
},
{
"name" : "41443",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/41443"
},
{
"name" : "61362",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61362"
},
{
"name" : "37991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37991"
},
{
"name" : "ADV-2009-3650",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Vsftpd Webmin module before 1.3b for the Vsftpd server have unknown impact and attack vectors related to \"Some security issues.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37991"
},
{
"name": "41443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/41443"
},
{
"name": "http://freshmeat.net/projects/vsftpdwebmin/releases/310064",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/vsftpdwebmin/releases/310064"
},
{
"name": "ADV-2009-3650",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3650"
},
{
"name": "61362",
"refsource": "OSVDB",
"url": "http://osvdb.org/61362"
}
]
}
}

120
2009/4xxx/CVE-2009-4952.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}

180
2009/5xxx/CVE-2009-5078.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090809 CVE id request: groff (pdfroff)",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"name" : "[oss-security] 20090810 Re: CVE id request: groff (pdfroff)",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"name" : "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "36381",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36381"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090809 CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/09/1"
},
{
"name": "[oss-security] 20090810 Re: CVE id request: groff (pdfroff)",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/08/10/2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=538338"
},
{
"name": "36381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36381"
},
{
"name": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz",
"refsource": "CONFIRM",
"url": "ftp://ftp.gnu.org/gnu/groff/groff-1.20.1-1.21.diff.gz"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
}
]
}
}

150
2012/2xxx/CVE-2012-2268.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2268",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secunia.com/secunia_research/2012-9/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2012-9/"
},
{
"name" : "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf",
"refsource" : "CONFIRM",
"url" : "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf"
},
{
"name" : "52929",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52929"
},
{
"name" : "1026898",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026898"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "master.exe in the SNMP Master Agent in RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x allows remote attackers to cause a denial of service (unhandled exception and daemon crash) via a crafted Open-PDU request that triggers incorrect DisplayString processing, a different vulnerability than CVE-2012-1923."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52929"
},
{
"name": "1026898",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026898"
},
{
"name": "http://secunia.com/secunia_research/2012-9/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2012-9/"
},
{
"name": "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf",
"refsource": "CONFIRM",
"url": "http://helixproducts.real.com/docs/security/SecurityUpdate04022012HS.pdf"
}
]
}
}

34
2012/2xxx/CVE-2012-2639.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2639",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4940. Reason: This candidate is a reservation duplicate of CVE-2011-4940. Notes: All CVE users should reference CVE-2011-4940 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-2639",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4940. Reason: This candidate is a reservation duplicate of CVE-2011-4940. Notes: All CVE users should reference CVE-2011-4940 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

34
2012/2xxx/CVE-2012-2754.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2754",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2754",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/3xxx/CVE-2012-3003.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
},
{
"name" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in an unspecified web application in Siemens WinCC 7.0 SP3 before Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in a GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-223158.pdf"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-158-01.pdf"
}
]
}
}

170
2012/3xxx/CVE-2012-3130.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "54559",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54559"
},
{
"name" : "83931",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/83931"
},
{
"name" : "1027274",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027274"
},
{
"name" : "solaris-pkgdepotd1m-cve20123130(77053)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54559",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54559"
},
{
"name": "solaris-pkgdepotd1m-cve20123130(77053)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77053"
},
{
"name": "83931",
"refsource": "OSVDB",
"url": "http://osvdb.org/83931"
},
{
"name": "1027274",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027274"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

200
2012/3xxx/CVE-2012-3651.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5502",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5502"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2012-09-19-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name" : "55534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55534"
},
{
"name" : "oval:org.mitre.oval:def:17163",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17163"
},
{
"name" : "apple-itunes-webkit-cve20123651(78535)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78535"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:17163",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17163"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "apple-itunes-webkit-cve20123651(78535)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78535"
},
{
"name": "55534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55534"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
}
]
}
}

160
2012/3xxx/CVE-2012-3950.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120926 Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ios-ips"
},
{
"name" : "55695",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55695"
},
{
"name" : "1027580",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027580"
},
{
"name" : "50777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50777"
},
{
"name" : "ciscoios-ips-dos(78882)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78882"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 through 12.4 and 15.0 through 15.2, in certain configurations of enabled categories and missing signatures, allows remote attackers to cause a denial of service (device reload) via DNS packets, aka Bug ID CSCtw55976."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120926 Cisco IOS Software Intrusion Prevention System Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120926-ios-ips"
},
{
"name": "55695",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55695"
},
{
"name": "ciscoios-ips-dos(78882)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78882"
},
{
"name": "50777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50777"
},
{
"name": "1027580",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027580"
}
]
}
}

34
2012/6xxx/CVE-2012-6123.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6123",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6123",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/6xxx/CVE-2012-6127.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6127",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This was originally reported as an issue in jakarta-commons-httpclient involving wildcard matching in the SSL hostname verifier, but further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6127",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This was originally reported as an issue in jakarta-commons-httpclient involving wildcard matching in the SSL hostname verifier, but further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

170
2012/6xxx/CVE-2012-6129.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=909934",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name" : "https://trac.transmissionbt.com/changeset/13646",
"refsource" : "MISC",
"url" : "https://trac.transmissionbt.com/changeset/13646"
},
{
"name" : "https://trac.transmissionbt.com/ticket/5002",
"refsource" : "MISC",
"url" : "https://trac.transmissionbt.com/ticket/5002"
},
{
"name" : "openSUSE-SU-2013:0485",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"name" : "USN-1747-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1747-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted \"micro transport protocol packets.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2013:0485",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-03/msg00064.html"
},
{
"name": "https://trac.transmissionbt.com/ticket/5002",
"refsource": "MISC",
"url": "https://trac.transmissionbt.com/ticket/5002"
},
{
"name": "USN-1747-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1747-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=909934",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=909934"
},
{
"name": "[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2013/02/13/1"
},
{
"name": "https://trac.transmissionbt.com/changeset/13646",
"refsource": "MISC",
"url": "https://trac.transmissionbt.com/changeset/13646"
}
]
}
}

120
2012/6xxx/CVE-2012-6584.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "22713",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/22713/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22713",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/22713/"
}
]
}
}

130
2015/5xxx/CVE-2015-5045.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5045",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. IBM X-Force ID: 106938."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5045",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982895",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21982895"
},
{
"name" : "ibm-rcl-cve20155045-info-disc(106938)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/106938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Administration and Reporting tool in IBM Rational License Key Server (RLKS) before 8.1.4.9 iFix 04 allows local users to obtain sensitive information via unspecified vectors. IBM X-Force ID: 106938."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21982895",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21982895"
},
{
"name": "ibm-rcl-cve20155045-info-disc(106938)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106938"
}
]
}
}

240
2015/5xxx/CVE-2015-5582.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5588, and CVE-2015-6677."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "GLSA-201509-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201509-07"
},
{
"name" : "RHSA-2015:1814",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
},
{
"name" : "openSUSE-SU-2015:1781",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name" : "SUSE-SU-2015:1614",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
},
{
"name" : "SUSE-SU-2015:1618",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:1616",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
},
{
"name" : "76799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76799"
},
{
"name" : "1033629",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5575, CVE-2015-5577, CVE-2015-5578, CVE-2015-5580, CVE-2015-5588, and CVE-2015-6677."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1814",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "openSUSE-SU-2015:1616",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
},
{
"name": "1033629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033629"
},
{
"name": "SUSE-SU-2015:1618",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
},
{
"name": "76799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76799"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
},
{
"name": "SUSE-SU-2015:1614",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
},
{
"name": "GLSA-201509-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-07"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
}
]
}
}

150
2015/5xxx/CVE-2015-5766.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5766",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5766",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT205030",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205030"
},
{
"name" : "APPLE-SA-2015-08-13-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name" : "76337",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76337"
},
{
"name" : "1033275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "76337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76337"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
}
]
}
}

170
2015/5xxx/CVE-2015-5837.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5837",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5837",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205213",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205213"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name" : "76764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76764"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PluginKit in Apple iOS before 9 allows attackers to bypass an intended app-trust requirement and install arbitrary extensions via a crafted enterprise app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

190
2017/2xxx/CVE-2017-2355.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207481",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207481"
},
{
"name" : "https://support.apple.com/HT207482",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207482"
},
{
"name" : "https://support.apple.com/HT207484",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207484"
},
{
"name" : "https://support.apple.com/HT207485",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207485"
},
{
"name" : "https://support.apple.com/HT207486",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207486"
},
{
"name" : "GLSA-201706-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-15"
},
{
"name" : "95736",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95736"
},
{
"name" : "1037668",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes before 12.5.5 is affected. tvOS before 10.1.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access and application crash) via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "95736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95736"
},
{
"name": "https://support.apple.com/HT207486",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207486"
},
{
"name": "https://support.apple.com/HT207485",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207485"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207481",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207481"
},
{
"name": "https://support.apple.com/HT207484",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207484"
},
{
"name": "https://support.apple.com/HT207482",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207482"
},
{
"name": "1037668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037668"
}
]
}
}

130
2018/11xxx/CVE-2018-11376.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf"
},
{
"name" : "https://github.com/radare/radare2/issues/9904",
"refsource" : "MISC",
"url" : "https://github.com/radare/radare2/issues/9904"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/radare/radare2/issues/9904",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/issues/9904"
},
{
"name": "https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf",
"refsource": "MISC",
"url": "https://github.com/radare/radare2/commit/1f37c04f2a762500222dda2459e6a04646feeedf"
}
]
}
}

120
2018/11xxx/CVE-2018-11438.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180528 libmobi 0.3 vulns",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/48"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180528 libmobi 0.3 vulns",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/48"
}
]
}
}

130
2018/11xxx/CVE-2018-11868.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a0be9d79cfaa4c4df2695023ba518c540381e80",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a0be9d79cfaa4c4df2695023ba518c540381e80"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a0be9d79cfaa4c4df2695023ba518c540381e80",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=8a0be9d79cfaa4c4df2695023ba518c540381e80"
}
]
}
}

130
2018/11xxx/CVE-2018-11903.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11903",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=84cd3bee44fa37b196cfad8b15d858408534862d",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=84cd3bee44fa37b196cfad8b15d858408534862d"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Array Index in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=84cd3bee44fa37b196cfad8b15d858408534862d",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=84cd3bee44fa37b196cfad8b15d858408534862d"
}
]
}
}

34
2018/15xxx/CVE-2018-15018.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15018",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15018",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2018/15xxx/CVE-2018-15376.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-09-26T16:00:00-0500",
"ID" : "CVE-2018-15376",
"STATE" : "PUBLIC",
"TITLE" : "Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco IOS Software",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "6.7",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-123"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-09-26T16:00:00-0500",
"ID": "CVE-2018-15376",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180926 Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite"
}
]
},
"source" : {
"advisory" : "cisco-sa-20180926-ir800-memwrite",
"defect" : [
[
"CSCuy10473",
"CSCvc82464"
]
],
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the embedded test subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers could allow an authenticated, local attacker to write arbitrary values to arbitrary locations in the memory space of an affected device. The vulnerability is due to the presence of certain test commands that were intended to be available only in internal development builds of the affected software. An attacker could exploit this vulnerability by using these commands on an affected device. A successful exploit could allow the attacker to write arbitrary values to arbitrary locations in the memory space of the affected device."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.7",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-123"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180926 Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers Arbitrary Memory Write Vulnerabilities",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180926-ir800-memwrite"
}
]
},
"source": {
"advisory": "cisco-sa-20180926-ir800-memwrite",
"defect": [
[
"CSCuy10473",
"CSCvc82464"
]
],
"discovery": "UNKNOWN"
}
}

122
2018/15xxx/CVE-2018-15715.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-29T00:00:00",
"ID" : "CVE-2018-15715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Zoom",
"version" : {
"version_data" : [
{
"version_value" : "Zoom on Windows before version 4.1.34814.1119, Zoom on Mac OS before version 4.1.34801.1116, Zoom on Linux version 2.4.129780.0915 and below."
}
]
}
}
]
},
"vendor_name" : "Zoom"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-290 Authentication Bypass by Spoofing"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-29T00:00:00",
"ID": "CVE-2018-15715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zoom",
"version": {
"version_data": [
{
"version_value": "Zoom on Windows before version 4.1.34814.1119, Zoom on Mac OS before version 4.1.34801.1116, Zoom on Linux version 2.4.129780.0915 and below."
}
]
}
}
]
},
"vendor_name": "Zoom"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-40",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-40"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zoom clients on Windows (before version 4.1.34814.1119), Mac OS (before version 4.1.34801.1116), and Linux (2.4.129780.0915 and below) are vulnerable to unauthorized message processing. A remote unauthenticated attacker can spoof UDP messages from a meeting attendee or Zoom server in order to invoke functionality in the target client. This allows the attacker to remove attendees from meetings, spoof messages from users, or hijack shared screens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-290 Authentication Bypass by Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-40",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-40"
}
]
}
}

120
2018/15xxx/CVE-2018-15846.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mattiapazienti/fledrCMS/issues/2",
"refsource" : "MISC",
"url" : "https://github.com/mattiapazienti/fledrCMS/issues/2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mattiapazienti/fledrCMS/issues/2",
"refsource": "MISC",
"url": "https://github.com/mattiapazienti/fledrCMS/issues/2"
}
]
}
}

34
2018/3xxx/CVE-2018-3816.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3816",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3816",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

378
2018/8xxx/CVE-2018-8127.json
View File

@ -1,191 +1,191 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8127",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8127",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8127"
},
{
"name" : "104040",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104040"
},
{
"name" : "1040849",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040849"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8141."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040849"
},
{
"name": "104040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104040"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8127",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8127"
}
]
}
}

34
2018/8xxx/CVE-2018-8363.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8363",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8363",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

256
2018/8xxx/CVE-2018-8588.json
View File

@ -1,130 +1,130 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
},
{
"version_value" : "Windows Server 2019"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
},
{
"version_value": "Windows Server 2019"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8588",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8588"
},
{
"name" : "105782",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105782"
},
{
"name" : "1042107",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8541, CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1042107",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042107"
},
{
"name": "105782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105782"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8588",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8588"
}
]
}
}

140
2018/8xxx/CVE-2018-8710.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8710",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the \"shortcode\" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8710",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html",
"refsource" : "MISC",
"url" : "https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html"
},
{
"name" : "https://wordpress.org/plugins/woocommerce-products-filter/#developers",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/woocommerce-products-filter/#developers"
},
{
"name" : "https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/",
"refsource" : "MISC",
"url" : "https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution issue was discovered in the WooCommerce Products Filter (aka WOOF) plugin before 2.2.0 for WordPress, as demonstrated by the shortcode parameter in a woof_redraw_woof action. The plugin implemented a page redraw AJAX function accessible to anyone without any authentication. WordPress shortcode markup in the \"shortcode\" parameters would be evaluated. Normally unauthenticated users can't evaluate shortcodes as they are often sensitive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/woocommerce-products-filter/#developers",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/woocommerce-products-filter/#developers"
},
{
"name": "https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html",
"refsource": "MISC",
"url": "https://sec-consult.com/en/blog/advisories/arbitrary-shortcode-execution-local-file-inclusion-in-woof-pluginus-net/index.html"
},
{
"name": "https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/",
"refsource": "MISC",
"url": "https://www.woocommerce-filter.com/update-woocommerce-products-filter-v-2-2-0/"
}
]
}
}