admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:29:29 +00:00
parent 21549b08c8
commit 2c49d32ec3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4893 additions and 4893 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
1999/1xxx/CVE-1999-1107.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1107",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19981118 Multiple KDE security vulnerabilities (root compromise)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=91141486301691&w=2"
},
{
"name" : "kde-kppp-path-bo(1650)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19981118 Multiple KDE security vulnerabilities (root compromise)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=91141486301691&w=2"
},
{
"name": "kde-kppp-path-bo(1650)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1650"
}
]
}
}

140
2000/1xxx/CVE-2000-1083.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1083",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1083",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001201 Microsoft SQL Server extended stored procedure vulnerability",
"refsource" : "ATSTAKE",
"url" : "http://marc.info/?l=bugtraq&m=97570878710037&w=2"
},
{
"name" : "MS00-092",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092"
},
{
"name" : "2038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/2038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the \"Extended Stored Procedure Parameter Parsing\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001201 Microsoft SQL Server extended stored procedure vulnerability",
"refsource": "ATSTAKE",
"url": "http://marc.info/?l=bugtraq&m=97570878710037&w=2"
},
{
"name": "MS00-092",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-092"
},
{
"name": "2038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2038"
}
]
}
}

140
2000/1xxx/CVE-2000-1136.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1136",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001122 New version of elvis-tiny released",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=97502995616099&w=2"
},
{
"name" : "1984",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1984"
},
{
"name" : "linux-tinyelvis-tmpfiles(5632)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1984"
},
{
"name": "linux-tinyelvis-tmpfiles(5632)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5632"
},
{
"name": "20001122 New version of elvis-tiny released",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97502995616099&w=2"
}
]
}
}

150
2005/2xxx/CVE-2005-2112.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2112",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050629 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112006318512991&w=2"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00086-06292005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00086-06292005"
},
{
"name" : "http://www.xoops.org/modules/news/article.php?storyid=2383",
"refsource" : "CONFIRM",
"url" : "http://www.xoops.org/modules/news/article.php?storyid=2383"
},
{
"name" : "15843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15843"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050629 XOOPS 2.0.11 && Earlier Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112006318512991&w=2"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00086-06292005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00086-06292005"
},
{
"name": "15843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15843"
},
{
"name": "http://www.xoops.org/modules/news/article.php?storyid=2383",
"refsource": "CONFIRM",
"url": "http://www.xoops.org/modules/news/article.php?storyid=2383"
}
]
}
}

180
2005/2xxx/CVE-2005-2648.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050818 w-agora 4.2.0 and prior Remote Directory Travel Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/408522"
},
{
"name" : "20050818 w-agora 4.2.0 and prior Remote Directory Travel Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0599.html"
},
{
"name" : "http://h4cky0u.org/viewtopic.php?t=2097",
"refsource" : "MISC",
"url" : "http://h4cky0u.org/viewtopic.php?t=2097"
},
{
"name" : "14597",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14597"
},
{
"name" : "1014737",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014737"
},
{
"name" : "16497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16497"
},
{
"name" : "wagora-index-directory-traversal(21906)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21906"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://h4cky0u.org/viewtopic.php?t=2097",
"refsource": "MISC",
"url": "http://h4cky0u.org/viewtopic.php?t=2097"
},
{
"name": "wagora-index-directory-traversal(21906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21906"
},
{
"name": "20050818 w-agora 4.2.0 and prior Remote Directory Travel Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0599.html"
},
{
"name": "16497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16497"
},
{
"name": "20050818 w-agora 4.2.0 and prior Remote Directory Travel Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/408522"
},
{
"name": "14597",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14597"
},
{
"name": "1014737",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014737"
}
]
}
}

130
2005/2xxx/CVE-2005-2698.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050822 Nephp Publisher Enterprise 3.04 Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112472773629251&w=2"
},
{
"name" : "nephppublisher-browse-xss(21943)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nephppublisher-browse-xss(21943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21943"
},
{
"name": "20050822 Nephp Publisher Enterprise 3.04 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112472773629251&w=2"
}
]
}
}

870
2005/2xxx/CVE-2005-2969.json
View File

@ -1,437 +1,437 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754",
"refsource" : "MISC",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754"
},
{
"name" : "http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt",
"refsource" : "MISC",
"url" : "http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt"
},
{
"name" : "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf",
"refsource" : "MISC",
"url" : "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf"
},
{
"name" : "http://www.openssl.org/news/secadv_20051011.txt",
"refsource" : "CONFIRM",
"url" : "http://www.openssl.org/news/secadv_20051011.txt"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
},
{
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
},
{
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html"
},
{
"name" : "https://issues.rpath.com/browse/RPL-1633",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-1633"
},
{
"name" : "APPLE-SA-2005-11-29",
"refsource" : "APPLE",
"url" : "http://docs.info.apple.com/article.html?artnum=302847"
},
{
"name" : "20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml"
},
{
"name" : "DSA-875",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-875"
},
{
"name" : "DSA-881",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-881"
},
{
"name" : "DSA-882",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-882"
},
{
"name" : "HPSBUX02174",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
},
{
"name" : "SSRT061239",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
},
{
"name" : "HPSBUX02186",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
},
{
"name" : "SSRT071299",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
},
{
"name" : "MDKSA-2005:179",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:179"
},
{
"name" : "RHSA-2005:800",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-800.html"
},
{
"name" : "RHSA-2005:762",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-762.html"
},
{
"name" : "RHSA-2008:0629",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
},
{
"name" : "101974",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1"
},
{
"name" : "SUSE-SA:2005:061",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_61_openssl.html"
},
{
"name" : "TSLSA-2005-0059",
"refsource" : "TRUSTIX",
"url" : "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"name" : "15647",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15647"
},
{
"name" : "15071",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15071"
},
{
"name" : "24799",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24799"
},
{
"name" : "oval:org.mitre.oval:def:11454",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454"
},
{
"name" : "ADV-2005-2710",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2710"
},
{
"name" : "ADV-2005-2908",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2908"
},
{
"name" : "ADV-2005-2036",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2036"
},
{
"name" : "ADV-2005-3002",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3002"
},
{
"name" : "ADV-2005-3056",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3056"
},
{
"name" : "ADV-2005-2659",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2659"
},
{
"name" : "ADV-2006-3531",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3531"
},
{
"name" : "ADV-2007-0326",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0326"
},
{
"name" : "ADV-2007-0343",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/0343"
},
{
"name" : "ADV-2007-2457",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2457"
},
{
"name" : "1015032",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015032"
},
{
"name" : "17813",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17813"
},
{
"name" : "17888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17888"
},
{
"name" : "18045",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18045"
},
{
"name" : "17151",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17151"
},
{
"name" : "18165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18165"
},
{
"name" : "18123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18123"
},
{
"name" : "17146",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17146"
},
{
"name" : "17153",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17153"
},
{
"name" : "17169",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17169"
},
{
"name" : "17178",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17178"
},
{
"name" : "17180",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17180"
},
{
"name" : "17189",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17189"
},
{
"name" : "17191",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17191"
},
{
"name" : "17210",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17210"
},
{
"name" : "17259",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17259"
},
{
"name" : "17288",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17288"
},
{
"name" : "17335",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17335"
},
{
"name" : "17344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17344"
},
{
"name" : "17389",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17389"
},
{
"name" : "17409",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17409"
},
{
"name" : "17432",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17432"
},
{
"name" : "17466",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17466"
},
{
"name" : "17589",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17589"
},
{
"name" : "17617",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17617"
},
{
"name" : "17632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17632"
},
{
"name" : "18663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18663"
},
{
"name" : "19185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19185"
},
{
"name" : "21827",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21827"
},
{
"name" : "23280",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23280"
},
{
"name" : "23340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23340"
},
{
"name" : "23915",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23915"
},
{
"name" : "23843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23843"
},
{
"name" : "25973",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25973"
},
{
"name" : "26893",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26893"
},
{
"name" : "31492",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31492"
},
{
"name" : "hitachi-hicommand-security-bypass(35287)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35287"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17259",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17259"
},
{
"name": "23915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23915"
},
{
"name": "SUSE-SA:2005:061",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_61_openssl.html"
},
{
"name": "26893",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26893"
},
{
"name": "17389",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17389"
},
{
"name": "ADV-2005-3056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3056"
},
{
"name": "ADV-2007-2457",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2457"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm"
},
{
"name": "17813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17813"
},
{
"name": "15071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15071"
},
{
"name": "18165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18165"
},
{
"name": "23340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23340"
},
{
"name": "18123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18123"
},
{
"name": "DSA-881",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-881"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754",
"refsource": "MISC",
"url": "http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html"
},
{
"name": "ADV-2005-2659",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2659"
},
{
"name": "24799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24799"
},
{
"name": "DSA-882",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-882"
},
{
"name": "20051202 Cisco Security Notice: Response to OpenSSL - Potential SSL 2.0 Rollback",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml"
},
{
"name": "17153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17153"
},
{
"name": "SSRT071299",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
},
{
"name": "TSLSA-2005-0059",
"refsource": "TRUSTIX",
"url": "http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html"
},
{
"name": "17191",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17191"
},
{
"name": "ADV-2005-2908",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2908"
},
{
"name": "1015032",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015032"
},
{
"name": "https://issues.rpath.com/browse/RPL-1633",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-1633"
},
{
"name": "17344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17344"
},
{
"name": "19185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19185"
},
{
"name": "ADV-2005-2036",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2036"
},
{
"name": "http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt",
"refsource": "MISC",
"url": "http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt"
},
{
"name": "17589",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17589"
},
{
"name": "ADV-2005-2710",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2710"
},
{
"name": "ADV-2005-3002",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3002"
},
{
"name": "31492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31492"
},
{
"name": "17466",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17466"
},
{
"name": "RHSA-2008:0629",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
},
{
"name": "17146",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17146"
},
{
"name": "17169",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17169"
},
{
"name": "hitachi-hicommand-security-bypass(35287)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35287"
},
{
"name": "ADV-2007-0343",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0343"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm"
},
{
"name": "23280",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23280"
},
{
"name": "APPLE-SA-2005-11-29",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=302847"
},
{
"name": "23843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23843"
},
{
"name": "17189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17189"
},
{
"name": "21827",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21827"
},
{
"name": "17288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17288"
},
{
"name": "HPSBUX02186",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540"
},
{
"name": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf",
"refsource": "MISC",
"url": "ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf"
},
{
"name": "MDKSA-2005:179",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:179"
},
{
"name": "17632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17632"
},
{
"name": "ADV-2007-0326",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0326"
},
{
"name": "17409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17409"
},
{
"name": "25973",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25973"
},
{
"name": "oval:org.mitre.oval:def:11454",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454"
},
{
"name": "17888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17888"
},
{
"name": "17210",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17210"
},
{
"name": "DSA-875",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-875"
},
{
"name": "ADV-2006-3531",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3531"
},
{
"name": "http://www.openssl.org/news/secadv_20051011.txt",
"refsource": "CONFIRM",
"url": "http://www.openssl.org/news/secadv_20051011.txt"
},
{
"name": "17178",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17178"
},
{
"name": "HPSBUX02174",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
},
{
"name": "17432",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17432"
},
{
"name": "17180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17180"
},
{
"name": "101974",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1"
},
{
"name": "15647",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15647"
},
{
"name": "17335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17335"
},
{
"name": "RHSA-2005:762",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-762.html"
},
{
"name": "RHSA-2005:800",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-800.html"
},
{
"name": "17151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17151"
},
{
"name": "18663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18663"
},
{
"name": "17617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17617"
},
{
"name": "SSRT061239",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100"
},
{
"name": "18045",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18045"
}
]
}
}

130
2005/3xxx/CVE-2005-3212.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3212",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3212",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051007 Antivirus detection bypass by special crafted archive.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
},
{
"name" : "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource" : "MISC",
"url" : "http://shadock.net/secubox/AVCraftedArchive.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple interpretation error in unspecified versions of NOD32 Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource": "MISC",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
}
]
}
}

180
2005/3xxx/CVE-2005-3430.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3430",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113053680631151&w=2"
},
{
"name" : "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html"
},
{
"name" : "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf",
"refsource" : "MISC",
"url" : "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf"
},
{
"name" : "15230",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15230"
},
{
"name" : "1015117",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015117"
},
{
"name" : "17240",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17240/"
},
{
"name" : "mailsiteexpress-attachment-script-execution(22907)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html"
},
{
"name": "mailsiteexpress-attachment-script-execution(22907)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22907"
},
{
"name": "1015117",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015117"
},
{
"name": "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf",
"refsource": "MISC",
"url": "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf"
},
{
"name": "17240",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17240/"
},
{
"name": "15230",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15230"
},
{
"name": "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113053680631151&w=2"
}
]
}
}

350
2005/3xxx/CVE-2005-3656.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060109 Multiple Vendor mod_auth_pgsql Format String Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367"
},
{
"name" : "DSA-935",
"refsource" : "DEBIAN",
"url" : "http://www.debian.de/security/2006/dsa-935"
},
{
"name" : "GLSA-200601-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-05.xml"
},
{
"name" : "RHSA-2006:0164",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0164.html"
},
{
"name" : "http://www.giuseppetanzilli.it/mod%5Fauth%5Fpgsql2/",
"refsource" : "CONFIRM",
"url" : "http://www.giuseppetanzilli.it/mod%5Fauth%5Fpgsql2/"
},
{
"name" : "MDKSA-2006:009",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:009"
},
{
"name" : "20060101-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name" : "2006-0002",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0002/"
},
{
"name" : "USN-239-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/239-1/"
},
{
"name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html",
"refsource" : "CONFIRM",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html"
},
{
"name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html",
"refsource" : "CONFIRM",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html"
},
{
"name" : "16153",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16153"
},
{
"name" : "oval:org.mitre.oval:def:10600",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10600"
},
{
"name" : "ADV-2006-0070",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0070"
},
{
"name" : "1015446",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015446"
},
{
"name" : "18304",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18304"
},
{
"name" : "18321",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18321"
},
{
"name" : "18348",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18348"
},
{
"name" : "18347",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18347"
},
{
"name" : "18350",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18350"
},
{
"name" : "18397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18397"
},
{
"name" : "18403",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18403"
},
{
"name" : "18517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18517"
},
{
"name" : "18463",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18463"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200601-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-05.xml"
},
{
"name": "18321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18321"
},
{
"name": "http://www.giuseppetanzilli.it/mod%5Fauth%5Fpgsql2/",
"refsource": "CONFIRM",
"url": "http://www.giuseppetanzilli.it/mod%5Fauth%5Fpgsql2/"
},
{
"name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00016.html"
},
{
"name": "16153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16153"
},
{
"name": "USN-239-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/239-1/"
},
{
"name": "18347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18347"
},
{
"name": "18304",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18304"
},
{
"name": "2006-0002",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"name": "18463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18463"
},
{
"name": "18350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18350"
},
{
"name": "ADV-2006-0070",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0070"
},
{
"name": "20060101-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "RHSA-2006:0164",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0164.html"
},
{
"name": "oval:org.mitre.oval:def:10600",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10600"
},
{
"name": "18517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18517"
},
{
"name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00015.html"
},
{
"name": "1015446",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015446"
},
{
"name": "18403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18403"
},
{
"name": "18397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18397"
},
{
"name": "MDKSA-2006:009",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:009"
},
{
"name": "18348",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18348"
},
{
"name": "DSA-935",
"refsource": "DEBIAN",
"url": "http://www.debian.de/security/2006/dsa-935"
},
{
"name": "20060109 Multiple Vendor mod_auth_pgsql Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=367"
}
]
}
}

180
2005/3xxx/CVE-2005-3664.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3664",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3664",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051010 Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=318&type=vulnerabilities"
},
{
"name" : "15054",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15054"
},
{
"name" : "19912",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19912"
},
{
"name" : "19913",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19913"
},
{
"name" : "17130",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17130"
},
{
"name" : "17144",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17144"
},
{
"name" : "kaspersky-fsecure-chm-bo(22564)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22564"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in Kaspersky Personal 5.0.227, Anti-Virus On-Demand Scanner for Linux 5.0.5, and F-Secure Anti-Virus for Linux 4.50 allows remote attackers to execute arbitrary code via a crafted CHM file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17130"
},
{
"name": "19913",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19913"
},
{
"name": "20051010 Kaspersky Anti-Virus Engine CHM File Parser Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=318&type=vulnerabilities"
},
{
"name": "19912",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19912"
},
{
"name": "kaspersky-fsecure-chm-bo(22564)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22564"
},
{
"name": "15054",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15054"
},
{
"name": "17144",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17144"
}
]
}
}

190
2005/3xxx/CVE-2005-3927.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3927",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3927",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051128 Guppy <= 4.5.9 Remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/417899/100/0/threaded"
},
{
"name" : "http://rgod.altervista.org/guppy459_xpl.html",
"refsource" : "MISC",
"url" : "http://rgod.altervista.org/guppy459_xpl.html"
},
{
"name" : "15610",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15610"
},
{
"name" : "ADV-2005-2635",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2635"
},
{
"name" : "1015279",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015279"
},
{
"name" : "17790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17790"
},
{
"name" : "212",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/212"
},
{
"name" : "guppy-file-include-directory-traversal(23319)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23319"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the in admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015279",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015279"
},
{
"name": "guppy-file-include-directory-traversal(23319)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23319"
},
{
"name": "20051128 Guppy <= 4.5.9 Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417899/100/0/threaded"
},
{
"name": "17790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17790"
},
{
"name": "212",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/212"
},
{
"name": "15610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15610"
},
{
"name": "http://rgod.altervista.org/guppy459_xpl.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/guppy459_xpl.html"
},
{
"name": "ADV-2005-2635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2635"
}
]
}
}

160
2005/4xxx/CVE-2005-4063.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4063",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4063",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html"
},
{
"name" : "15737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15737"
},
{
"name" : "ADV-2005-2761",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2761"
},
{
"name" : "21474",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21474"
},
{
"name" : "17902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17902"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2761",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2761"
},
{
"name": "21474",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21474"
},
{
"name": "17902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17902"
},
{
"name": "http://pridels0.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/netauctionhelp-v30-xss-vuln.html"
},
{
"name": "15737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15737"
}
]
}
}

150
2005/4xxx/CVE-2005-4286.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving \"'smart' values for userid and password,\" probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phplogcon.com/Article9.phtml",
"refsource" : "CONFIRM",
"url" : "http://www.phplogcon.com/Article9.phtml"
},
{
"name" : "http://cvs.sourceforge.net/viewcvs.py/phplogcon/phplogcon/submit.php?r1=1.4&r2=1.5",
"refsource" : "MISC",
"url" : "http://cvs.sourceforge.net/viewcvs.py/phplogcon/phplogcon/submit.php?r1=1.4&r2=1.5"
},
{
"name" : "ADV-2005-2930",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2930"
},
{
"name" : "18053",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18053"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote attackers to use arbitrary profiles via unknown vectors involving \"'smart' values for userid and password,\" probably involving an SQL injection vulnerability in the (1) pass and (2) usr parameters in submit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.phplogcon.com/Article9.phtml",
"refsource": "CONFIRM",
"url": "http://www.phplogcon.com/Article9.phtml"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/phplogcon/phplogcon/submit.php?r1=1.4&r2=1.5",
"refsource": "MISC",
"url": "http://cvs.sourceforge.net/viewcvs.py/phplogcon/phplogcon/submit.php?r1=1.4&r2=1.5"
},
{
"name": "ADV-2005-2930",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2930"
},
{
"name": "18053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18053"
}
]
}
}

170
2005/4xxx/CVE-2005-4342.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4342",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to \"bypass security controls,\" aka \"JRun Clustered Sandbox Security Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4342",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource" : "CONFIRM",
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name" : "15904",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15904"
},
{
"name" : "ADV-2005-2948",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2948"
},
{
"name" : "1015369",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015369"
},
{
"name" : "18078",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18078"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and 7.0 does not throw an exception if the SecurityManager is disabled, which might allow remote attackers to \"bypass security controls,\" aka \"JRun Clustered Sandbox Security Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18078"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-12.html"
},
{
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015369",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015369"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}

240
2005/4xxx/CVE-2005-4667.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051219 Unzip *ALL* verisons ;))",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"name" : "http://www.info-zip.org/FAQ.html",
"refsource" : "CONFIRM",
"url" : "http://www.info-zip.org/FAQ.html"
},
{
"name" : "DSA-1012",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1012"
},
{
"name" : "FLSA:180159",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
},
{
"name" : "MDKSA-2006:050",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"name" : "RHSA-2007:0203",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"name" : "2006-0006",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0006"
},
{
"name" : "USN-248-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/248-1/"
},
{
"name" : "USN-248-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/248-2/"
},
{
"name" : "15968",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15968"
},
{
"name" : "22400",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22400"
},
{
"name" : "oval:org.mitre.oval:def:11252",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"name" : "25098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25098"
},
{
"name": "USN-248-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/248-2/"
},
{
"name": "http://www.info-zip.org/FAQ.html",
"refsource": "CONFIRM",
"url": "http://www.info-zip.org/FAQ.html"
},
{
"name": "FLSA:180159",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
},
{
"name": "MDKSA-2006:050",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"name": "2006-0006",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0006"
},
{
"name": "oval:org.mitre.oval:def:11252",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"name": "RHSA-2007:0203",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"name": "USN-248-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/248-1/"
},
{
"name": "20051219 Unzip *ALL* verisons ;))",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"name": "22400",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22400"
},
{
"name": "15968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15968"
},
{
"name": "DSA-1012",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1012"
}
]
}
}

150
2009/2xxx/CVE-2009-2163.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090603 [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504093/100/0/threaded"
},
{
"name" : "20090605 Re: [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability-fixed",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504132/100/0/threaded"
},
{
"name" : "http://forum.intern0t.net/intern0t-advisories/1082-intern0t-sitecore-net-6-0-0-cross-site-scripting-vulnerability.html",
"refsource" : "MISC",
"url" : "http://forum.intern0t.net/intern0t-advisories/1082-intern0t-sitecore-net-6-0-0-cross-site-scripting-vulnerability.html"
},
{
"name" : "35353",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35353"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in login/default.aspx in Sitecore CMS before 6.0.2 Update-1 090507 allows remote attackers to inject arbitrary web script or HTML via the sc_error parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090603 [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504093/100/0/threaded"
},
{
"name": "20090605 Re: [InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability-fixed",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504132/100/0/threaded"
},
{
"name": "35353",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35353"
},
{
"name": "http://forum.intern0t.net/intern0t-advisories/1082-intern0t-sitecore-net-6-0-0-cross-site-scripting-vulnerability.html",
"refsource": "MISC",
"url": "http://forum.intern0t.net/intern0t-advisories/1082-intern0t-sitecore-net-6-0-0-cross-site-scripting-vulnerability.html"
}
]
}
}

190
2009/2xxx/CVE-2009-2201.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3797",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3797"
},
{
"name" : "APPLE-SA-2009-09-14-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Sep/msg00005.html"
},
{
"name" : "36385",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36385"
},
{
"name" : "58133",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/58133"
},
{
"name" : "1022904",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022904"
},
{
"name" : "36673",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36673"
},
{
"name" : "ADV-2009-2644",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2644"
},
{
"name" : "xsan-admin-information-disclosure(53232)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53232"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xsan-admin-information-disclosure(53232)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53232"
},
{
"name": "36385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36385"
},
{
"name": "58133",
"refsource": "OSVDB",
"url": "http://osvdb.org/58133"
},
{
"name": "ADV-2009-2644",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2644"
},
{
"name": "1022904",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022904"
},
{
"name": "http://support.apple.com/kb/HT3797",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3797"
},
{
"name": "APPLE-SA-2009-09-14-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Sep/msg00005.html"
},
{
"name": "36673",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36673"
}
]
}
}

140
2009/2xxx/CVE-2009-2433.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2433",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2433",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9100",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9100"
},
{
"name" : "35620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35620"
},
{
"name" : "oval:org.mitre.oval:def:12829",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:12829",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12829"
},
{
"name": "9100",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9100"
},
{
"name": "35620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35620"
}
]
}
}

140
2009/2xxx/CVE-2009-2512.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka \"Web Services on Devices API Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-063",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-063"
},
{
"name" : "TA09-314A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"
},
{
"name" : "oval:org.mitre.oval:def:6079",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6079"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly process the headers of WSD messages, which allows remote attackers to execute arbitrary code via a crafted (1) message or (2) response, aka \"Web Services on Devices API Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-063",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-063"
},
{
"name": "TA09-314A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-314A.html"
},
{
"name": "oval:org.mitre.oval:def:6079",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6079"
}
]
}
}

160
2009/2xxx/CVE-2009-2559.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2559",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2009-04.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2009-04.html"
},
{
"name" : "35748",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35748"
},
{
"name" : "oval:org.mitre.oval:def:6379",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6379"
},
{
"name" : "35884",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35884"
},
{
"name" : "ADV-2009-1970",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1970"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.wireshark.org/security/wnpa-sec-2009-04.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2009-04.html"
},
{
"name": "ADV-2009-1970",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1970"
},
{
"name": "oval:org.mitre.oval:def:6379",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6379"
},
{
"name": "35748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35748"
},
{
"name": "35884",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35884"
}
]
}
}

160
2009/3xxx/CVE-2009-3264.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified \"access check,\" which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=21338",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=21338"
},
{
"name" : "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html"
},
{
"name" : "36416",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36416"
},
{
"name" : "58193",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/58193"
},
{
"name" : "36770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getSVGDocument method in Google Chrome before 3.0.195.21 omits an unspecified \"access check,\" which allows remote web servers to bypass the Same Origin Policy and conduct cross-site scripting attacks via unknown vectors, related to a user's visit to a different web server that hosts an SVG document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "58193",
"refsource": "OSVDB",
"url": "http://osvdb.org/58193"
},
{
"name": "36416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36416"
},
{
"name": "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html"
},
{
"name": "36770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36770"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=21338",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=21338"
}
]
}
}

280
2009/3xxx/CVE-2009-3380.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=454872",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=454872"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489925",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489925"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=497013",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=497013"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=508927",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=508927"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=509244",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=509244"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=509602",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=509602"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=514776",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=514776"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=522030",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=522030"
},
{
"name" : "MDVSA-2009:294",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294"
},
{
"name" : "RHSA-2010:0153",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name" : "RHSA-2010:0154",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"name" : "272909",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1"
},
{
"name" : "oval:org.mitre.oval:def:6580",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6580"
},
{
"name" : "oval:org.mitre.oval:def:9463",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9463"
},
{
"name" : "ADV-2009-3334",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3334"
},
{
"name" : "ADV-2010-0650",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0650"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2010:0153",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name": "ADV-2010-0650",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0650"
},
{
"name": "272909",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-272909-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=454872",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=454872"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=508927",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=508927"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=489925",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=489925"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=509602",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=509602"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=497013",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=497013"
},
{
"name": "RHSA-2010:0154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-64.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=509244",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=509244"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=522030",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=522030"
},
{
"name": "oval:org.mitre.oval:def:6580",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6580"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=514776",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=514776"
},
{
"name": "oval:org.mitre.oval:def:9463",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9463"
},
{
"name": "ADV-2009-3334",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3334"
},
{
"name": "MDVSA-2009:294",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:294"
}
]
}
}

160
2009/3xxx/CVE-2009-3719.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9183",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9183"
},
{
"name" : "http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.html",
"refsource" : "MISC",
"url" : "http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.html"
},
{
"name" : "35726",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35726"
},
{
"name" : "35864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35864"
},
{
"name" : "battleblog-comment-xss(51807)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51807"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to inject arbitrary web script or HTML via a comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9183",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9183"
},
{
"name": "battleblog-comment-xss(51807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51807"
},
{
"name": "http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.html",
"refsource": "MISC",
"url": "http://full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.html"
},
{
"name": "35726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35726"
},
{
"name": "35864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35864"
}
]
}
}

190
2009/4xxx/CVE-2009-4181.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2009-4181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091209 TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508357/100/0/threaded"
},
{
"name" : "http://dvlabs.tippingpoint.com/advisory/TPTI-09-14",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/advisory/TPTI-09-14"
},
{
"name" : "HPSBMA02483",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
},
{
"name" : "SSRT090164",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
},
{
"name" : "SSRT090257",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126046355120442&w=2"
},
{
"name" : "37261",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37261"
},
{
"name" : "37343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37343"
},
{
"name" : "hp-ovnnm-ovwebsnmpsrv-bo(54655)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-14",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/advisory/TPTI-09-14"
},
{
"name": "20091209 TPTI-09-14: HP OpenView NNM ovwebsnmpsrv.exe OVwSelection Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508357/100/0/threaded"
},
{
"name": "37261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37261"
},
{
"name": "SSRT090257",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126046355120442&w=2"
},
{
"name": "hp-ovnnm-ovwebsnmpsrv-bo(54655)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54655"
},
{
"name": "HPSBMA02483",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
},
{
"name": "SSRT090164",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
},
{
"name": "37343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37343"
}
]
}
}

150
2009/4xxx/CVE-2009-4520.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4520",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/617380",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/617380"
},
{
"name" : "36863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36863"
},
{
"name" : "37206",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37206"
},
{
"name" : "ADV-2009-3084",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3084"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to bypass intended access restrictions and read comments by using the autocomplete path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/617380",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/617380"
},
{
"name": "ADV-2009-3084",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3084"
},
{
"name": "36863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36863"
},
{
"name": "37206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37206"
}
]
}
}

120
2009/4xxx/CVE-2009-4746.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091008 DreamPoll 3.1 Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507039/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels DreamPoll 3.1 allows remote attackers to inject arbitrary web script or HTML via the recordsPerPage parameter in a poll_default login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091008 DreamPoll 3.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507039/100/0/threaded"
}
]
}
}

200
2015/0xxx/CVE-2015-0351.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-0351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html"
},
{
"name" : "GLSA-201504-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-07"
},
{
"name" : "RHSA-2015:0813",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0813.html"
},
{
"name" : "SUSE-SU-2015:0722",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html"
},
{
"name" : "SUSE-SU-2015:0723",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html"
},
{
"name" : "openSUSE-SU-2015:0718",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html"
},
{
"name" : "openSUSE-SU-2015:0725",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html"
},
{
"name" : "74064",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74064"
},
{
"name" : "1032105",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0349, CVE-2015-0358, and CVE-2015-3039."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0718",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00010.html"
},
{
"name": "SUSE-SU-2015:0722",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00011.html"
},
{
"name": "GLSA-201504-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-07"
},
{
"name": "1032105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032105"
},
{
"name": "RHSA-2015:0813",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0813.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-06.html"
},
{
"name": "openSUSE-SU-2015:0725",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00013.html"
},
{
"name": "74064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74064"
},
{
"name": "SUSE-SU-2015:0723",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00012.html"
}
]
}
}

120
2015/0xxx/CVE-2015-0713.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0713",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web framework in Cisco TelePresence Advanced Media Gateway Series Software before 1.1(1.40), Cisco TelePresence IP Gateway Series Software, Cisco TelePresence IP VCR Series Software before 3.0(1.27), Cisco TelePresence ISDN Gateway Software before 2.2(1.94), Cisco TelePresence MCU Software before 4.4(3.54) and 4.5 before 4.5(1.45), Cisco TelePresence MSE Supervisor Software before 2.3(1.38), Cisco TelePresence Serial Gateway Series Software before 1.0(1.42), Cisco TelePresence Server Software for Hardware before 3.1(1.98), and Cisco TelePresence Server Software for Virtual Machine before 4.1(1.79) allows remote authenticated users to execute arbitrary commands with root privileges via unspecified vectors, aka Bug IDs CSCul55968, CSCur08993, CSCur15803, CSCur15807, CSCur15825, CSCur15832, CSCur15842, CSCur15850, and CSCur15855."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150513 Command Injection Vulnerability in Multiple Cisco TelePresence Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tp"
}
]
}
}

130
2015/0xxx/CVE-2015-0724.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0724",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCur25604."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0724",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150512 Cisco Headend Digital Broadband Delivery System Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38767"
},
{
"name" : "1032304",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 in Cisco Headend Digital Broadband Delivery System allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in a (1) GET or (2) POST request, aka Bug ID CSCur25604."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032304",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032304"
},
{
"name": "20150512 Cisco Headend Digital Broadband Delivery System Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38767"
}
]
}
}

120
2015/0xxx/CVE-2015-0993.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-0993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inductive Automation Ignition 7.7.2 does not terminate a session upon a logout action, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-090-01"
}
]
}
}

130
2015/1xxx/CVE-2015-1193.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150118 Re: CVE request: pigz, kgb, pax: directory traversal",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/18/3"
},
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774716",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774716"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150118 Re: CVE request: pigz, kgb, pax: directory traversal",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/18/3"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774716",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774716"
}
]
}
}

210
2015/1xxx/CVE-2015-1366.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1366",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534505/100/0/threaded"
},
{
"name" : "35846",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35846"
},
{
"name" : "20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/75"
},
{
"name" : "[oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/25/5"
},
{
"name" : "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html"
},
{
"name" : "https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt",
"refsource" : "MISC",
"url" : "https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt"
},
{
"name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php",
"refsource" : "CONFIRM",
"url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php"
},
{
"name" : "73931",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73931"
},
{
"name" : "117144",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/117144"
},
{
"name" : "pixarbay-wordpress-authorlink-xss(100039)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100039"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/75"
},
{
"name": "73931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73931"
},
{
"name": "pixarbay-wordpress-authorlink-xss(100039)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100039"
},
{
"name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php"
},
{
"name": "117144",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/117144"
},
{
"name": "35846",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35846"
},
{
"name": "20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534505/100/0/threaded"
},
{
"name": "[oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/25/5"
},
{
"name": "https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt",
"refsource": "MISC",
"url": "https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt"
},
{
"name": "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html"
}
]
}
}

34
2015/1xxx/CVE-2015-1534.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1534",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1534",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/1xxx/CVE-2015-1564.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150120 WebGUI 7.10.29 stable version Cross site scripting vulnerability",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/79"
},
{
"name" : "http://secupent.com/exploit/WebGUI-7.10.29-XSS.txt",
"refsource" : "MISC",
"url" : "http://secupent.com/exploit/WebGUI-7.10.29-XSS.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in style-underground/search in Plain Black WebGUI 7.10.29 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secupent.com/exploit/WebGUI-7.10.29-XSS.txt",
"refsource": "MISC",
"url": "http://secupent.com/exploit/WebGUI-7.10.29-XSS.txt"
},
{
"name": "20150120 WebGUI 7.10.29 stable version Cross site scripting vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/79"
}
]
}
}

150
2015/1xxx/CVE-2015-1846.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150401 CVE-2015-1845, CVE-2015-1846 - unzoo - Buffer overflow & Infinite loop",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/01/5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207647",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207647"
},
{
"name" : "73686",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73686"
},
{
"name" : "1032011",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unzoo allows remote attackers to cause a denial of service (infinite loop and resource consumption) via unspecified vectors to the (1) ExtrArch or (2) ListArch function, related to pointer handling."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032011",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032011"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207647",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207647"
},
{
"name": "73686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73686"
},
{
"name": "[oss-security] 20150401 CVE-2015-1845, CVE-2015-1846 - unzoo - Buffer overflow & Infinite loop",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/01/5"
}
]
}
}

140
2015/1xxx/CVE-2015-1857.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1857",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cloudrouter.org/security/",
"refsource" : "CONFIRM",
"url" : "https://cloudrouter.org/security/"
},
{
"name" : "https://git.opendaylight.org/gerrit/#/c/17709/",
"refsource" : "CONFIRM",
"url" : "https://git.opendaylight.org/gerrit/#/c/17709/"
},
{
"name" : "https://wiki.opendaylight.org/view/Security_Advisories",
"refsource" : "CONFIRM",
"url" : "https://wiki.opendaylight.org/view/Security_Advisories"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote attackers to obtain sensitive information by leveraging missing AAA restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://git.opendaylight.org/gerrit/#/c/17709/",
"refsource": "CONFIRM",
"url": "https://git.opendaylight.org/gerrit/#/c/17709/"
},
{
"name": "https://wiki.opendaylight.org/view/Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.opendaylight.org/view/Security_Advisories"
},
{
"name": "https://cloudrouter.org/security/",
"refsource": "CONFIRM",
"url": "https://cloudrouter.org/security/"
}
]
}
}

120
2015/1xxx/CVE-2015-1971.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1971",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1971",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971164",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Jazz Team Server in Jazz Foundation in IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager (RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0 through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager (RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through 5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7, and 5.0 through 5.0.2 allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971164",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971164"
}
]
}
}

120
2015/1xxx/CVE-2015-1993.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1993",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1993",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968270",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21968270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does not set the secure flag for unspecified cookies in an https session, which makes it easier for remote attackers to capture these cookies by intercepting their transmission within an http session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21968270",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21968270"
}
]
}
}

320
2015/4xxx/CVE-2015-4520.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4520",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-4520",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-111.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-111.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1200856",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1200856"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1200869",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1200869"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "DSA-3365",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3365"
},
{
"name" : "RHSA-2015:1852",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1852.html"
},
{
"name" : "RHSA-2015:1834",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1834.html"
},
{
"name" : "SUSE-SU-2015:2081",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name" : "openSUSE-SU-2015:1658",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
},
{
"name" : "SUSE-SU-2015:1680",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html"
},
{
"name" : "openSUSE-SU-2015:1679",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html"
},
{
"name" : "openSUSE-SU-2015:1681",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name" : "SUSE-SU-2015:1703",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html"
},
{
"name" : "USN-2743-4",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-4"
},
{
"name" : "USN-2754-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2754-1"
},
{
"name" : "USN-2743-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-1"
},
{
"name" : "USN-2743-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-2"
},
{
"name" : "USN-2743-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2743-3"
},
{
"name" : "76816",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76816"
},
{
"name" : "1033640",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033640"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote attackers to bypass CORS preflight protection mechanisms by leveraging (1) duplicate cache-key generation or (2) retrieval of a value from an incorrect HTTP Access-Control-* response header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-111.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-111.html"
},
{
"name": "SUSE-SU-2015:1680",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00004.html"
},
{
"name": "SUSE-SU-2015:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "openSUSE-SU-2015:1681",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00005.html"
},
{
"name": "USN-2754-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2754-1"
},
{
"name": "USN-2743-4",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-4"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "USN-2743-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-3"
},
{
"name": "RHSA-2015:1834",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1834.html"
},
{
"name": "USN-2743-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-2"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1200856",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1200856"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1200869",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1200869"
},
{
"name": "1033640",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033640"
},
{
"name": "RHSA-2015:1852",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1852.html"
},
{
"name": "DSA-3365",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3365"
},
{
"name": "76816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76816"
},
{
"name": "SUSE-SU-2015:1703",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00007.html"
},
{
"name": "openSUSE-SU-2015:1679",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00003.html"
},
{
"name": "openSUSE-SU-2015:1658",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00000.html"
},
{
"name": "USN-2743-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2743-1"
}
]
}
}

150
2015/4xxx/CVE-2015-4647.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-259/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-259/"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-260/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-260/"
},
{
"name" : "http://security.panasonic.com/pss/security/library/developer.html#SDK",
"refsource" : "CONFIRM",
"url" : "http://security.panasonic.com/pss/security/library/developer.html#SDK"
},
{
"name" : "75409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Ipropsapi in Panasonic Security API (PS-API) ActiveX SDK before 8.10.18 allow remote attackers to execute arbitrary code via a long string in the (1) FilePassword property or to the (2) GetStringInfo method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-260/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-260/"
},
{
"name": "http://security.panasonic.com/pss/security/library/developer.html#SDK",
"refsource": "CONFIRM",
"url": "http://security.panasonic.com/pss/security/library/developer.html#SDK"
},
{
"name": "75409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75409"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-259/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-259/"
}
]
}
}

130
2015/4xxx/CVE-2015-4741.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4741",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Dialog popup."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "1032926",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032926"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Dialog popup."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "1032926",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032926"
}
]
}
}

250
2015/5xxx/CVE-2015-5523.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/06/04/2"
},
{
"name" : "[oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/13/7"
},
{
"name" : "[oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/15/3"
},
{
"name" : "https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501",
"refsource" : "CONFIRM",
"url" : "https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501"
},
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205213",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205213"
},
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "DSA-3309",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3309"
},
{
"name" : "USN-2695-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2695-1"
},
{
"name" : "75037",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75037"
},
{
"name" : "1033703",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033703"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033703",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033703"
},
{
"name": "[oss-security] 20150713 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/13/7"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "[oss-security] 20150604 CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/2"
},
{
"name": "USN-2695-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2695-1"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "DSA-3309",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3309"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501",
"refsource": "CONFIRM",
"url": "https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "75037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75037"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name": "[oss-security] 20150714 Re: CVE Request - tidy 0.99 / tidy5 heap-buffer-overflow",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/15/3"
}
]
}
}

34
2015/5xxx/CVE-2015-5596.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5596",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5596",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2015/5xxx/CVE-2015-5725.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forum.codeigniter.com/thread-62743.html",
"refsource" : "CONFIRM",
"url" : "https://forum.codeigniter.com/thread-62743.html"
},
{
"name" : "https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23"
},
{
"name" : "https://github.com/bcit-ci/CodeIgniter/issues/4020",
"refsource" : "CONFIRM",
"url" : "https://github.com/bcit-ci/CodeIgniter/issues/4020"
},
{
"name" : "https://www.codeigniter.com/userguide2/changelog.html",
"refsource" : "CONFIRM",
"url" : "https://www.codeigniter.com/userguide2/changelog.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the offset method in the Active Record class in CodeIgniter before 2.2.4 allows remote attackers to execute arbitrary SQL commands via vectors involving the offset variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.codeigniter.com/thread-62743.html",
"refsource": "CONFIRM",
"url": "https://forum.codeigniter.com/thread-62743.html"
},
{
"name": "https://github.com/bcit-ci/CodeIgniter/issues/4020",
"refsource": "CONFIRM",
"url": "https://github.com/bcit-ci/CodeIgniter/issues/4020"
},
{
"name": "https://www.codeigniter.com/userguide2/changelog.html",
"refsource": "CONFIRM",
"url": "https://www.codeigniter.com/userguide2/changelog.html"
},
{
"name": "https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23",
"refsource": "CONFIRM",
"url": "https://github.com/bcit-ci/CodeIgniter/commit/0dde92def6b9f276f05ff77abb07ead318f9ec23"
}
]
}
}

142
2018/3xxx/CVE-2018-3094.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104762"
},
{
"name" : "1041310",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041310"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104762"
},
{
"name": "1041310",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041310"
}
]
}
}

152
2018/3xxx/CVE-2018-3157.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3157",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 11"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3157",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 11"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181018-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181018-0001/"
},
{
"name" : "105595",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105595"
},
{
"name" : "1041889",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041889"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Sound). The supported version that is affected is Java SE: 11. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data. Note: This vulnerability applies to Java deployments that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0001/"
},
{
"name": "105595",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105595"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "1041889",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041889"
}
]
}
}

142
2018/3xxx/CVE-2018-3266.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105605",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105605"
},
{
"name" : "1041895",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Verified Boot). The supported version that is affected is 11.3. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS 3.0 Base Score 3.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Solaris accessible data as well as unauthorized read access to a subset of Solaris accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Solaris."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name": "105605",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105605"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

122
2018/3xxx/CVE-2018-3918.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-26T00:00:00",
"ID" : "CVE-2018-3918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Samsung",
"version" : {
"version_data" : [
{
"version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name" : "Samsung"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "denial of service"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-26T00:00:00",
"ID": "CVE-2018-3918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung",
"version": {
"version_data": [
{
"version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name": "Samsung"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0582",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0582"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for the 'sync' operation, leading to arbitrary deletion of cameras. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0582",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0582"
}
]
}
}

34
2018/3xxx/CVE-2018-3983.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3983",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3983",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/3xxx/CVE-2018-3992.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-10-01T00:00:00",
"ID" : "CVE-2018-3992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit PDF Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.2.0.9297"
}
]
}
}
]
},
"vendor_name" : "Foxit Software"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-10-01T00:00:00",
"ID": "CVE-2018-3992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit PDF Reader",
"version": {
"version_data": [
{
"version_value": "9.2.0.9297"
}
]
}
}
]
},
"vendor_name": "Foxit Software"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0660",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0660"
},
{
"name" : "1041769",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader, version 9.2.0.9297. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041769"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0660",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0660"
}
]
}
}

122
2018/6xxx/CVE-2018-6020.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"DATE_PUBLIC" : "2018-05-07T00:00:00",
"ID" : "CVE-2018-6020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2018-05-07T00:00:00",
"ID": "CVE-2018-6020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 and prior, authentication is not verified when making certain POST requests, which may allow attackers to modify system settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-128-01"
}
]
}
}

34
2018/6xxx/CVE-2018-6216.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6216",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6216",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

238
2018/6xxx/CVE-2018-6705.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@mcafee.com",
"ID" : "CVE-2018-6705",
"STATE" : "PUBLIC",
"TITLE" : "McAfee Agent (MA) for Linux Privilege Escalation vulnerability "
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "McAfee Agent (MA) for Linux",
"version" : {
"version_data" : [
{
"affected" : ">=",
"platform" : "x86",
"version_name" : "5.0.0",
"version_value" : "5.0.0"
},
{
"affected" : "<=",
"platform" : "x86",
"version_name" : "5.0.6",
"version_value" : "5.0.6"
},
{
"affected" : "=",
"platform" : "x86",
"version_name" : "5.5.0",
"version_value" : "5.5.0"
},
{
"affected" : "=",
"platform" : "x86",
"version_name" : "5.5.1",
"version_value" : "5.5.1"
}
]
}
}
]
},
"vendor_name" : "McAfee"
}
]
}
},
"credit" : [
{
"lang" : "eng",
"value" : "McAfee credits Brandon Vincent for discovery of this vulnerability"
}
],
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "LOCAL",
"availabilityImpact" : "LOW",
"baseScore" : 2.3,
"baseSeverity" : "LOW",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insecure Temporary File (CWE-377)"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@mcafee.com",
"ID": "CVE-2018-6705",
"STATE": "PUBLIC",
"TITLE": "McAfee Agent (MA) for Linux Privilege Escalation vulnerability "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "McAfee Agent (MA) for Linux",
"version": {
"version_data": [
{
"affected": ">=",
"platform": "x86",
"version_name": "5.0.0",
"version_value": "5.0.0"
},
{
"affected": "<=",
"platform": "x86",
"version_name": "5.0.6",
"version_value": "5.0.6"
},
{
"affected": "=",
"platform": "x86",
"version_name": "5.5.0",
"version_value": "5.5.0"
},
{
"affected": "=",
"platform": "x86",
"version_name": "5.5.1",
"version_value": "5.5.1"
}
]
}
}
]
},
"vendor_name": "McAfee"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10260",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10260"
},
{
"name" : "106328",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106328"
}
]
},
"solution" : [
{
"lang" : "eng",
"value" : "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
}
],
"source" : {
"advisory" : "SB10260",
"discovery" : "EXTERNAL"
}
}
}
},
"credit": [
{
"lang": "eng",
"value": "McAfee credits Brandon Vincent for discovery of this vulnerability"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insecure Temporary File (CWE-377)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106328"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10260",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10260"
}
]
},
"solution": [
{
"lang": "eng",
"value": "McAfee highly recommends that all customers upgrade to McAfee Agent 5.6.0."
}
],
"source": {
"advisory": "SB10260",
"discovery": "EXTERNAL"
}
}

140
2018/6xxx/CVE-2018-6856.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/20"
},
{
"name" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
},
{
"name" : "https://community.sophos.com/kb/en-us/131934",
"refsource" : "CONFIRM",
"url" : "https://community.sophos.com/kb/en-us/131934"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x8020601C. By crafting an input buffer we can control the execution path to the point where a global variable will be written to a user controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.sophos.com/kb/en-us/131934",
"refsource": "CONFIRM",
"url": "https://community.sophos.com/kb/en-us/131934"
},
{
"name": "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/20"
},
{
"name": "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
"refsource": "MISC",
"url": "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
}
]
}
}

34
2018/7xxx/CVE-2018-7037.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7037",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7037",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/7xxx/CVE-2018-7479.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7479",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7479",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/kongxin520/YzmCMS/blob/master/YzmCMS_3.6_bug.md",
"refsource" : "MISC",
"url" : "https://github.com/kongxin520/YzmCMS/blob/master/YzmCMS_3.6_bug.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "YzmCMS 3.6 allows remote attackers to discover the full path via a direct request to application/install/templates/s1.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/kongxin520/YzmCMS/blob/master/YzmCMS_3.6_bug.md",
"refsource": "MISC",
"url": "https://github.com/kongxin520/YzmCMS/blob/master/YzmCMS_3.6_bug.md"
}
]
}
}

120
2018/7xxx/CVE-2018-7923.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ALP-L09",
"version" : {
"version_data" : [
{
"version_value" : "Versions earlier than ALP-L09 8.0.0.150(C432)"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient input validation"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ALP-L09",
"version": {
"version_data": [
{
"version_value": "Versions earlier than ALP-L09 8.0.0.150(C432)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180911-01-smartphone-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180911-01-smartphone-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei ALP-L09 smart phones with versions earlier than ALP-L09 8.0.0.150(C432) have an insufficient input validation vulnerability due to lack of parameter check. An attacker tricks the user who has root privilege to install a crafted application, the application may modify the specific data to exploit the vulnerability. Successful exploit could allow the attacker to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient input validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180911-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180911-01-smartphone-en"
}
]
}
}

120
2018/7xxx/CVE-2018-7933.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7933",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HiRouter-CD20, WS5200",
"version" : {
"version_data" : [
{
"version_value" : "HiRouter-CD20 The versions before HiRouter-CD20-10 1.9.6, WS5200 The versions before WS5200-10 1.9.6"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "path traversal"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7933",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiRouter-CD20, WS5200",
"version": {
"version_data": [
{
"version_value": "HiRouter-CD20 The versions before HiRouter-CD20-10 1.9.6, WS5200 The versions before WS5200-10 1.9.6"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei home gateway products HiRouter-CD20 and WS5200 with the versions before HiRouter-CD20-10 1.9.6 and the versions before WS5200-10 1.9.6 have a path traversal vulnerability. Due to the lack of validation while these home gateway products install APK plugins, an attacker tricks a user into installing a malicious APK plugin, and plugin can overwrite arbitrary file of devices. Successful exploit may result in arbitrary code execution or privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180502-01-gateway-en"
}
]
}
}

132
2018/8xxx/CVE-2018-8032.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-07-08T00:00:00",
"ID" : "CVE-2018-8032",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Axis",
"version" : {
"version_data" : [
{
"version_value" : "1.x up to and including 1.4"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-08T00:00:00",
"ID": "CVE-2018-8032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Axis",
"version": {
"version_data": [
{
"version_value": "1.x up to and including 1.4"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"refsource" : "MLIST",
"url" : "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E"
},
{
"name" : "https://issues.apache.org/jira/browse/AXIS-2924",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/AXIS-2924"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/AXIS-2924",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/AXIS-2924"
},
{
"name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
"refsource": "MLIST",
"url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060@Atlassian.JIRA%3E"
}
]
}
}

34
2018/8xxx/CVE-2018-8668.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8668",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8668",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}