admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:02:33 +00:00
parent 64a4f4c873
commit 2d7ee87597
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3557 additions and 3557 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
1999/1xxx/CVE-1999-1487.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1487",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1487",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IX74599",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/servlet/support/manager?rt=0&rs=0&org=apars&doc=41D8B61D1E1C4FAB852567C9002C546C"
},
{
"name" : "405",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/405"
},
{
"name" : "aix-digest(7477)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/7477.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in digest in AIX 4.3 allows printq users to gain root privileges by creating and/or modifing any file on the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IX74599",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/servlet/support/manager?rt=0&rs=0&org=apars&doc=41D8B61D1E1C4FAB852567C9002C546C"
},
{
"name": "aix-digest(7477)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7477.php"
},
{
"name": "405",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/405"
}
]
}
}

140
2000/1xxx/CVE-2000-1213.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001025 Immunix OS Security Update for ping package",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=97249980727834&w=2"
},
{
"name" : "20001030 Trustix Security Advisory - ping gnupg ypbind",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html"
},
{
"name" : "RHSA-2000:087",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2000-087.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 through 7J and other operating systems, does not drop privileges after acquiring a raw socket, which increases ping's exposure to bugs that otherwise would occur at lower privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2000:087",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-087.html"
},
{
"name": "20001025 Immunix OS Security Update for ping package",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97249980727834&w=2"
},
{
"name": "20001030 Trustix Security Advisory - ping gnupg ypbind",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html"
}
]
}
}

160
2005/0xxx/CVE-2005-0470.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0470",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0470",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200502-22",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml"
},
{
"name" : "[HostAP] 20050213 wpa_supplicant - new stable releases v0.3.8 and v0.2.7",
"refsource" : "MLIST",
"url" : "http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html"
},
{
"name" : "1013226",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013226"
},
{
"name" : "14313",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14313"
},
{
"name" : "wpasupplicant-bo(19357)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19357"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[HostAP] 20050213 wpa_supplicant - new stable releases v0.3.8 and v0.2.7",
"refsource": "MLIST",
"url": "http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html"
},
{
"name": "wpasupplicant-bo(19357)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19357"
},
{
"name": "GLSA-200502-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml"
},
{
"name": "14313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14313"
},
{
"name": "1013226",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013226"
}
]
}
}

130
2005/0xxx/CVE-2005-0661.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1013351",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013351"
},
{
"name" : "14450",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14450"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14450"
},
{
"name": "1013351",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013351"
}
]
}
}

34
2005/2xxx/CVE-2005-2446.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2446",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2369. Reason: This candidate is a duplicate of CVE-2005-2369. Notes: All CVE users should reference CVE-2005-2369 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-2446",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2369. Reason: This candidate is a duplicate of CVE-2005-2369. Notes: All CVE users should reference CVE-2005-2369 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

170
2005/2xxx/CVE-2005-2634.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2634",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Log-SCR function in the \"Log to Screen\" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050817 Unicode Buffer Overflow in WinFtp Server 1.6.8",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112431455512374&w=2"
},
{
"name" : "20050817 Unicode Buffer Overflow in WinFtp Server 1.6.8",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036173.html"
},
{
"name" : "http://www.autistici.org/fdonato/advisory/WinFtpServer1.6.8-adv.txt",
"refsource" : "MISC",
"url" : "http://www.autistici.org/fdonato/advisory/WinFtpServer1.6.8-adv.txt"
},
{
"name" : "14581",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14581"
},
{
"name" : "16461",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16461/"
},
{
"name" : "win-ftp-log-scr-bo(21873)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21873"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Log-SCR function in the \"Log to Screen\" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.autistici.org/fdonato/advisory/WinFtpServer1.6.8-adv.txt",
"refsource": "MISC",
"url": "http://www.autistici.org/fdonato/advisory/WinFtpServer1.6.8-adv.txt"
},
{
"name": "win-ftp-log-scr-bo(21873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21873"
},
{
"name": "14581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14581"
},
{
"name": "16461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16461/"
},
{
"name": "20050817 Unicode Buffer Overflow in WinFtp Server 1.6.8",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112431455512374&w=2"
},
{
"name": "20050817 Unicode Buffer Overflow in WinFtp Server 1.6.8",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-August/036173.html"
}
]
}
}

240
2005/2xxx/CVE-2005-2672.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-814",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-814"
},
{
"name" : "MDKSA-2005:149",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149"
},
{
"name" : "RHSA-2005:825",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-825.html"
},
{
"name" : "USN-172-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/172-1/"
},
{
"name" : "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES",
"refsource" : "CONFIRM",
"url" : "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193"
},
{
"name" : "14624",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14624"
},
{
"name" : "oval:org.mitre.oval:def:9993",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993"
},
{
"name" : "ADV-2005-1492",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1492"
},
{
"name" : "1015180",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015180"
},
{
"name" : "16501",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16501"
},
{
"name" : "17499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17499"
},
{
"name" : "17535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17535"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES",
"refsource": "CONFIRM",
"url": "http://secure.netroedge.com/~lm78/cvs/lm_sensors2/CHANGES"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324193"
},
{
"name": "1015180",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015180"
},
{
"name": "USN-172-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/172-1/"
},
{
"name": "17535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17535"
},
{
"name": "16501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16501"
},
{
"name": "RHSA-2005:825",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-825.html"
},
{
"name": "oval:org.mitre.oval:def:9993",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9993"
},
{
"name": "14624",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14624"
},
{
"name": "MDKSA-2005:149",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:149"
},
{
"name": "17499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17499"
},
{
"name": "ADV-2005-1492",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1492"
},
{
"name": "DSA-814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-814"
}
]
}
}

200
2005/2xxx/CVE-2005-2987.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2987",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050915 Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112680124115325&w=2"
},
{
"name" : "http://rgod.altervista.org/dscribe14.html",
"refsource" : "MISC",
"url" : "http://rgod.altervista.org/dscribe14.html"
},
{
"name" : "14843",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14843"
},
{
"name" : "ADV-2005-1757",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1757"
},
{
"name" : "19460",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19460"
},
{
"name" : "1014909",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014909"
},
{
"name" : "16841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16841/"
},
{
"name" : "10",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/10"
},
{
"name" : "digitalscribe-login-sql-injection(22286)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login.php in Digital Scribe 1.4 allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050915 Digital Scribe v1.4 Login Bypass / SQL injection / remote code execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112680124115325&w=2"
},
{
"name": "14843",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14843"
},
{
"name": "16841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16841/"
},
{
"name": "10",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/10"
},
{
"name": "1014909",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014909"
},
{
"name": "digitalscribe-login-sql-injection(22286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22286"
},
{
"name": "ADV-2005-1757",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1757"
},
{
"name": "19460",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19460"
},
{
"name": "http://rgod.altervista.org/dscribe14.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/dscribe14.html"
}
]
}
}

130
2005/3xxx/CVE-2005-3173.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3173",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3173",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "900345",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/900345"
},
{
"name" : "821102",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/821102"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "821102",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/821102"
},
{
"name": "900345",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/900345"
}
]
}
}

170
2005/3xxx/CVE-2005-3508.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3508",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051104 Gallery_v2.4 SQL Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/415806/30/0/threaded"
},
{
"name" : "15313",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15313"
},
{
"name" : "ADV-2005-2309",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2309"
},
{
"name" : "20523",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20523"
},
{
"name" : "1015162",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015162"
},
{
"name" : "17453",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17453"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2309",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2309"
},
{
"name": "1015162",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015162"
},
{
"name": "20523",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20523"
},
{
"name": "17453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17453"
},
{
"name": "15313",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15313"
},
{
"name": "20051104 Gallery_v2.4 SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415806/30/0/threaded"
}
]
}
}

180
2005/3xxx/CVE-2005-3555.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051107 [TKADV2005-11-001] Multiple vulnerabilities in PHPlist",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/416005/30/0/threaded"
},
{
"name" : "http://www.trapkit.de/advisories/TKADV2005-11-001.txt",
"refsource" : "MISC",
"url" : "http://www.trapkit.de/advisories/TKADV2005-11-001.txt"
},
{
"name" : "15350",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15350"
},
{
"name" : "ADV-2005-2345",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2345"
},
{
"name" : "20567",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/20567"
},
{
"name" : "20568",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/20568"
},
{
"name" : "17476",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17476"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier allow authenticated remote attackers with administrator privileges to execute arbitrary SQL commands via the id parameter in the (1) editattributes or (2) admin page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-001.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-001.txt"
},
{
"name": "20051107 [TKADV2005-11-001] Multiple vulnerabilities in PHPlist",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/416005/30/0/threaded"
},
{
"name": "ADV-2005-2345",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2345"
},
{
"name": "20568",
"refsource": "OSVDB",
"url": "http://osvdb.org/20568"
},
{
"name": "20567",
"refsource": "OSVDB",
"url": "http://osvdb.org/20567"
},
{
"name": "17476",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17476"
},
{
"name": "15350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15350"
}
]
}
}

190
2005/3xxx/CVE-2005-3929.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3929",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via \"..\" sequences in the module parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051129 Xaraya <= 1.0.0 RC4 D.O.S / file corruption",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418087/100/0/threaded"
},
{
"name" : "20051130 Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418191/100/0/threaded"
},
{
"name" : "20051130 Re: Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418209/100/0/threaded"
},
{
"name" : "http://rgod.altervista.org/xaraya1DOS.hmtl",
"refsource" : "MISC",
"url" : "http://rgod.altervista.org/xaraya1DOS.hmtl"
},
{
"name" : "15623",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15623"
},
{
"name" : "ADV-2005-2665",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2665"
},
{
"name" : "17788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17788"
},
{
"name" : "217",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the create function in xarMLSXML2PHPBackend.php in Xaraya 1.0 allows remote attackers to create directories and overwrite arbitrary files via \"..\" sequences in the module parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051129 Xaraya <= 1.0.0 RC4 D.O.S / file corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418087/100/0/threaded"
},
{
"name": "ADV-2005-2665",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2665"
},
{
"name": "http://rgod.altervista.org/xaraya1DOS.hmtl",
"refsource": "MISC",
"url": "http://rgod.altervista.org/xaraya1DOS.hmtl"
},
{
"name": "17788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17788"
},
{
"name": "217",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/217"
},
{
"name": "20051130 Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418191/100/0/threaded"
},
{
"name": "15623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15623"
},
{
"name": "20051130 Re: Re: Xaraya <= 1.0.0 RC4 D.O.S / file corruption",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418209/100/0/threaded"
}
]
}
}

150
2005/3xxx/CVE-2005-3983.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA01076",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/418280/100/0/threaded"
},
{
"name" : "SSRT4787",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/418280/100/0/threaded"
},
{
"name" : "oval:org.mitre.oval:def:1582",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1582"
},
{
"name" : "hp-sim-ms04025dos(17235)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the login page for HP Systems Insight Manager (SIM) 4.0 and 4.1, when accessed by Microsoft Internet Explorer with the MS04-025 patch, leads to a denial of service (browser hang). NOTE: although the advisory is vague, this issue does not appear to involve an attacker at all. If not, then this issue is not a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT4787",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/418280/100/0/threaded"
},
{
"name": "HPSBMA01076",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/418280/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:1582",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1582"
},
{
"name": "hp-sim-ms04025dos(17235)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17235"
}
]
}
}

160
2005/4xxx/CVE-2005-4279.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4279",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200510-14",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"
},
{
"name" : "15120",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15120"
},
{
"name" : "ADV-2005-2119",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2119"
},
{
"name" : "20087",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20087"
},
{
"name" : "17232",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17232"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2119",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2119"
},
{
"name": "GLSA-200510-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-14.xml"
},
{
"name": "20087",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20087"
},
{
"name": "17232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17232"
},
{
"name": "15120",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15120"
}
]
}
}

150
2005/4xxx/CVE-2005-4314.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/ppcal-shopping-cart-xss.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/ppcal-shopping-cart-xss.html"
},
{
"name" : "15892",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15892"
},
{
"name" : "ADV-2005-2918",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2918"
},
{
"name" : "18032",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal Shopping Cart 3.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) stop and (2) user parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/12/ppcal-shopping-cart-xss.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/ppcal-shopping-cart-xss.html"
},
{
"name": "18032",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18032"
},
{
"name": "15892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15892"
},
{
"name": "ADV-2005-2918",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2918"
}
]
}
}

34
2005/4xxx/CVE-2005-4535.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4535",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-4535",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}

130
2005/4xxx/CVE-2005-4773.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4773",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1817",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1817"
},
{
"name" : "21584",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21584"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the service console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1817",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/kb/enduser/std_adp.php?p_sid=dsxk*BWh&p_lva=&p_faqid=1817"
},
{
"name": "21584",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21584"
}
]
}
}

150
2009/2xxx/CVE-2009-2341.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2341",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9080",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9080"
},
{
"name" : "35562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35562"
},
{
"name" : "55561",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55561"
},
{
"name" : "35677",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35677"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35562"
},
{
"name": "9080",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9080"
},
{
"name": "55561",
"refsource": "OSVDB",
"url": "http://osvdb.org/55561"
},
{
"name": "35677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35677"
}
]
}
}

150
2009/3xxx/CVE-2009-3003.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html"
},
{
"name" : "oval:org.mitre.oval:def:12817",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12817"
},
{
"name" : "36334",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36334"
},
{
"name" : "ie-windowopen-spoofing(53005)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53005"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ie-windowopen-spoofing(53005)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53005"
},
{
"name": "36334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36334"
},
{
"name": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html"
},
{
"name": "oval:org.mitre.oval:def:12817",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12817"
}
]
}
}

140
2009/3xxx/CVE-2009-3106.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876"
},
{
"name" : "PK83258",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK83258"
},
{
"name" : "was-doget-dotrace-security-bypass(53051)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53051"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876"
},
{
"name": "was-doget-dotrace-security-bypass(53051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53051"
},
{
"name": "PK83258",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK83258"
}
]
}
}

140
2009/3xxx/CVE-2009-3341.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3341",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3341",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://intevydis.com/vd-list.shtml",
"refsource" : "MISC",
"url" : "http://intevydis.com/vd-list.shtml"
},
{
"name" : "1022827",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022827"
},
{
"name" : "36571",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36571"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1022827",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022827"
},
{
"name": "36571",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36571"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
}
]
}
}

120
2009/3xxx/CVE-2009-3515.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9312",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9312"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in dnet_admin/index.php in d.net CMS allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the type parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9312",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9312"
}
]
}
}

150
2009/3xxx/CVE-2009-3528.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9105",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9105"
},
{
"name" : "55792",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/55792"
},
{
"name" : "35753",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35753"
},
{
"name" : "mymsg-profile-sql-injection(51635)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51635"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows remote authenticated users to execute arbitrary SQL commands via the uid parameter in a show action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9105",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9105"
},
{
"name": "35753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35753"
},
{
"name": "55792",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55792"
},
{
"name": "mymsg-profile-sql-injection(51635)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51635"
}
]
}
}

150
2009/3xxx/CVE-2009-3677.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3677",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka \"MS-CHAP Authentication Bypass Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-3677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-071",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071"
},
{
"name" : "TA09-342A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
},
{
"name" : "oval:org.mitre.oval:def:6209",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6209"
},
{
"name" : "1023291",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023291"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka \"MS-CHAP Authentication Bypass Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-071",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-071"
},
{
"name": "TA09-342A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
},
{
"name": "1023291",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023291"
},
{
"name": "oval:org.mitre.oval:def:6209",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6209"
}
]
}
}

150
2009/4xxx/CVE-2009-4091.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10180",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10180"
},
{
"name" : "37063",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37063"
},
{
"name" : "21390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21390"
},
{
"name" : "simplog-comments-security-bypass(54355)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54355"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "comments.php in Simplog 0.9.3.2, and possibly earlier, does not properly restrict access, which allows remote attackers to edit or delete comments via the (1) edit or (2) del action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "simplog-comments-security-bypass(54355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54355"
},
{
"name": "21390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21390"
},
{
"name": "10180",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10180"
},
{
"name": "37063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37063"
}
]
}
}

150
2009/4xxx/CVE-2009-4424.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4424",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0912-exploits/wppyrmont-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/wppyrmont-sql.txt"
},
{
"name" : "10535",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10535"
},
{
"name" : "37409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37409"
},
{
"name" : "pyrmontv2-id-sql-injection(54907)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in results.php in the Pyrmont plugin 2 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0912-exploits/wppyrmont-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/wppyrmont-sql.txt"
},
{
"name": "pyrmontv2-id-sql-injection(54907)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54907"
},
{
"name": "10535",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10535"
},
{
"name": "37409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37409"
}
]
}
}

150
2009/4xxx/CVE-2009-4751.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.org/0907-exploits/swingerclub-sqlrfi.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.org/0907-exploits/swingerclub-sqlrfi.txt"
},
{
"name" : "55794",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/55794"
},
{
"name" : "35724",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35724"
},
{
"name" : "swingerclub-start-sql-injection(51660)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51660"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in anzeiger/start.php in Swinger Club Portal allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.packetstormsecurity.org/0907-exploits/swingerclub-sqlrfi.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0907-exploits/swingerclub-sqlrfi.txt"
},
{
"name": "swingerclub-start-sql-injection(51660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51660"
},
{
"name": "55794",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55794"
},
{
"name": "35724",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35724"
}
]
}
}

130
2015/0xxx/CVE-2015-0167.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0167",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in textAngular before 1.3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the editor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0167",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/fraywing/textAngular/releases/tag/v1.3.7",
"refsource" : "CONFIRM",
"url" : "https://github.com/fraywing/textAngular/releases/tag/v1.3.7"
},
{
"name" : "textangular-cve20150167-xss(100929)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in textAngular before 1.3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the editor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/fraywing/textAngular/releases/tag/v1.3.7",
"refsource": "CONFIRM",
"url": "https://github.com/fraywing/textAngular/releases/tag/v1.3.7"
},
{
"name": "textangular-cve20150167-xss(100929)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100929"
}
]
}
}

130
2015/0xxx/CVE-2015-0676.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0676",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0676",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150408 Multiple Vulnerabilities in Cisco ASA Software",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa"
},
{
"name" : "1032045",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032045"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNS implementation in Cisco Adaptive Security Appliance (ASA) Software 7.2 before 7.2(5.16), 8.2 before 8.2(5.57), 8.3 before 8.3(2.44), 8.4 before 8.4(7.28), 8.5 before 8.5(1.24), 8.6 before 8.6(1.17), 8.7 before 8.7(1.16), 9.0 before 9.0(4.33), 9.1 before 9.1(6.1), 9.2 before 9.2(3.4), and 9.3 before 9.3(3) allows man-in-the-middle attackers to cause a denial of service (memory consumption or device outage) by triggering outbound DNS queries and then sending crafted responses to these queries, aka Bug ID CSCuq77655."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032045",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032045"
},
{
"name": "20150408 Multiple Vulnerabilities in Cisco ASA Software",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-asa"
}
]
}
}

150
2015/0xxx/CVE-2015-0866.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0866",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150128 Two XSS Vulnerabilities in SupportCenter Plus",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534564/100/0/threaded"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23247",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23247"
},
{
"name" : "https://forums.manageengine.com/topic/security-update-for-supportcenter-plus",
"refsource" : "CONFIRM",
"url" : "https://forums.manageengine.com/topic/security-update-for-supportcenter-plus"
},
{
"name" : "72349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72349"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.9 before hotfix 7941 allow remote attackers to inject arbitrary web script or HTML via the (1) fromCustomer, (2) username, or (3) password parameter to HomePage.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.htbridge.com/advisory/HTB23247",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23247"
},
{
"name": "https://forums.manageengine.com/topic/security-update-for-supportcenter-plus",
"refsource": "CONFIRM",
"url": "https://forums.manageengine.com/topic/security-update-for-supportcenter-plus"
},
{
"name": "72349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72349"
},
{
"name": "20150128 Two XSS Vulnerabilities in SupportCenter Plus",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534564/100/0/threaded"
}
]
}
}

34
2015/0xxx/CVE-2015-0957.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0957",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0957",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2015/1xxx/CVE-2015-1050.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/534459/100/0/threaded"
},
{
"name" : "20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/43"
},
{
"name" : "http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html"
},
{
"name" : "1031551",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031551"
},
{
"name" : "f5bigip-responsebody-xss(99907)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534459/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html"
},
{
"name": "f5bigip-responsebody-xss(99907)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99907"
},
{
"name": "20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/43"
},
{
"name": "1031551",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031551"
}
]
}
}

360
2015/1xxx/CVE-2015-1265.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37766",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37766/"
},
{
"name" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=413534",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=413534"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=445741",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=445741"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=448057",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=448057"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=454157",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=454157"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=458026",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=458026"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=464642",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=464642"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=464792",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=464792"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=465426",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=465426"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=467372",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=467372"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=467644",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=467644"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=474784",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=474784"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=475070",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=475070"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=476107",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=476107"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=484270",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=484270"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=485412",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=485412"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=485419",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=485419"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=489518",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=489518"
},
{
"name" : "DSA-3267",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3267"
},
{
"name" : "GLSA-201506-04",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201506-04"
},
{
"name" : "openSUSE-SU-2015:1877",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html"
},
{
"name" : "openSUSE-SU-2015:0969",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html"
},
{
"name" : "74727",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74727"
},
{
"name" : "1032375",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032375"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 43.0.2357.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=445741",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=445741"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=413534",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=413534"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=448057",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=448057"
},
{
"name": "openSUSE-SU-2015:0969",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=484270",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=484270"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=464792",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=464792"
},
{
"name": "37766",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37766/"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=485412",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=485412"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=454157",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=454157"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=467644",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=467644"
},
{
"name": "74727",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74727"
},
{
"name": "GLSA-201506-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201506-04"
},
{
"name": "openSUSE-SU-2015:1877",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html"
},
{
"name": "1032375",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032375"
},
{
"name": "DSA-3267",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3267"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=476107",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=476107"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=475070",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=475070"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=465426",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=465426"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=458026",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=458026"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=474784",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=474784"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=464642",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=464642"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=489518",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=489518"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=485419",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=485419"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=467372",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=467372"
}
]
}
}

190
2015/1xxx/CVE-2015-1306.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1306",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-1306",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"name" : "https://www.sympa.org/security_advisories",
"refsource" : "CONFIRM",
"url" : "https://www.sympa.org/security_advisories"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0085.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"name" : "DSA-3134",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3134"
},
{
"name" : "MDVSA-2015:051",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"name" : "72277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72277"
},
{
"name" : "62387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62387"
},
{
"name" : "62442",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2015:051",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:051"
},
{
"name": "[oss-security] 20150120 Possible CVE request: sympa: vulnerability in the web interface",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/20/4"
},
{
"name": "https://www.sympa.org/security_advisories",
"refsource": "CONFIRM",
"url": "https://www.sympa.org/security_advisories"
},
{
"name": "62387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62387"
},
{
"name": "72277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72277"
},
{
"name": "62442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62442"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0085.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0085.html"
},
{
"name": "DSA-3134",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3134"
}
]
}
}

130
2015/1xxx/CVE-2015-1317.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/oxide/+bug/1431484",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/oxide/+bug/1431484"
},
{
"name" : "USN-2556-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2556-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before 1.6.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by deleting all WebContents while a RenderProcessHost instance still exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/oxide/+bug/1431484",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/oxide/+bug/1431484"
},
{
"name": "USN-2556-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2556-1"
}
]
}
}

150
2015/1xxx/CVE-2015-1864.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1864",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150414 CVE-2015-1864: Multiple HTML and Javascript injections",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/14/12"
},
{
"name" : "https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55",
"refsource" : "CONFIRM",
"url" : "https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55"
},
{
"name" : "https://kallithea-scm.org/security/cve-2015-1864.html",
"refsource" : "CONFIRM",
"url" : "https://kallithea-scm.org/security/cve-2015-1864.html"
},
{
"name" : "74184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the administration pages in Kallithea before 0.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) first name or (2) last name user details, or the (3) repository, (4) repository group, or (5) user group description."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kallithea-scm.org/security/cve-2015-1864.html",
"refsource": "CONFIRM",
"url": "https://kallithea-scm.org/security/cve-2015-1864.html"
},
{
"name": "74184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74184"
},
{
"name": "[oss-security] 20150414 CVE-2015-1864: Multiple HTML and Javascript injections",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/14/12"
},
{
"name": "https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55",
"refsource": "CONFIRM",
"url": "https://kallithea-scm.org/repos/kallithea/changeset/a8f2986afc18c9221bf99f88b06e60ab83c86c55"
}
]
}
}

34
2015/4xxx/CVE-2015-4014.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4014",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4014",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2015/4xxx/CVE-2015-4536.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4536",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-4536",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name" : "76412",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76412"
},
{
"name" : "1033296",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 before P02, when RPC tracing is configured, stores certain obfuscated password data in a log file, which allows remote authenticated users to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033296"
},
{
"name": "20150817 ESA-2015-131: EMC Documentum Content Server Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Aug/86"
},
{
"name": "76412",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76412"
}
]
}
}

126
2018/1999xxx/CVE-2018-1999036.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-31T20:04:28.271874",
"DATE_REQUESTED" : "2018-07-30T00:00:00",
"ID" : "CVE-2018-1999036",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins SSH Agent Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.15 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-532"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-31T20:04:28.271874",
"DATE_REQUESTED": "2018-07-30T00:00:00",
"ID": "CVE-2018-1999036",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exposure of sensitive information vulnerability exists in Jenkins SSH Agent Plugin 1.15 and earlier in SSHAgentStepExecution.java that exposes the SSH private key password to users with permission to read the build log."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-704"
}
]
}
}

152
2018/3xxx/CVE-2018-3082.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3082",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.0.11 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3082",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.11 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name" : "104772",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104772"
},
{
"name" : "1041294",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041294"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.11 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 2.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041294",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041294"
},
{
"name": "104772",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104772"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
}
]
}
}

34
2018/3xxx/CVE-2018-3508.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3508",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3508",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3654.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3654",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3654",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/6xxx/CVE-2018-6024.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44124",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44124/"
},
{
"name" : "http://packetstormsecurity.com/files/146454/Joomla-Project-Log-1.5.3-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/146454/Joomla-Project-Log-1.5.3-SQL-Injection.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in the Project Log 1.5.3 component for Joomla! via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44124",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44124/"
},
{
"name": "http://packetstormsecurity.com/files/146454/Joomla-Project-Log-1.5.3-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146454/Joomla-Project-Log-1.5.3-SQL-Injection.html"
}
]
}
}

162
2018/6xxx/CVE-2018-6078.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6078",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "65.0.3325.146"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient policy enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6078",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "65.0.3325.146"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/793628",
"refsource" : "MISC",
"url" : "https://crbug.com/793628"
},
{
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4182",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4182"
},
{
"name" : "RHSA-2018:0484",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0484"
},
{
"name" : "103297",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103297"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect handling of confusable characters in Omnibox in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted domain name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
},
{
"name": "103297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103297"
},
{
"name": "RHSA-2018:0484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0484"
},
{
"name": "https://crbug.com/793628",
"refsource": "MISC",
"url": "https://crbug.com/793628"
},
{
"name": "DSA-4182",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4182"
}
]
}
}

140
2018/6xxx/CVE-2018-6378.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6378",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6378",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html",
"refsource" : "MISC",
"url" : "https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html"
},
{
"name" : "104268",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104268"
},
{
"name" : "1040966",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040966"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Joomla! Core before 3.8.8, inadequate filtering of file and folder names leads to various XSS attack vectors in the media manager."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html",
"refsource": "MISC",
"url": "https://developer.joomla.org/security-centre/737-20180509-core-xss-vulnerability-in-the-media-manager.html"
},
{
"name": "104268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104268"
},
{
"name": "1040966",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040966"
}
]
}
}

120
2018/6xxx/CVE-2018-6400.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\\\.\\pipe\\WPSCloudSvr\\WpsCloudSvr -- an \"insecurely created named pipe.\" Ensures full access to Everyone users group."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180309 WPS Free Office 10.2.0.5978 - NULL DACL grants full access",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/27"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain privileges or cause a denial of service by impersonating all the pipes through a use of \\\\.\\pipe\\WPSCloudSvr\\WpsCloudSvr -- an \"insecurely created named pipe.\" Ensures full access to Everyone users group."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180309 WPS Free Office 10.2.0.5978 - NULL DACL grants full access",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/27"
}
]
}
}

130
2018/6xxx/CVE-2018-6406.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.chromium.org/p/webm/issues/detail?id=1492",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/webm/issues/detail?id=1492"
},
{
"name" : "https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md",
"refsource" : "MISC",
"url" : "https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/webm/issues/detail?id=1492",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/webm/issues/detail?id=1492"
},
{
"name": "https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md",
"refsource": "MISC",
"url": "https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md"
}
]
}
}

120
2018/7xxx/CVE-2018-7644.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://simplesamlphp.org/security/201802-01",
"refsource" : "CONFIRM",
"url" : "https://simplesamlphp.org/security/201802-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp before 1.15.3 incorrectly verifies signatures on SAML assertions, allowing a remote attacker to construct a crafted SAML assertion on behalf of an Identity Provider that would pass as cryptographically valid, thereby allowing them to impersonate a user from that Identity Provider, aka a key confusion issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://simplesamlphp.org/security/201802-01",
"refsource": "CONFIRM",
"url": "https://simplesamlphp.org/security/201802-01"
}
]
}
}

120
2018/7xxx/CVE-2018-7659.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html",
"refsource" : "MISC",
"url" : "https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored Cross-Site Scripting Vulnerability could potentially be exploited by malicious users to compromise the affected system via a filename of an uploaded image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html",
"refsource": "MISC",
"url": "https://vipinxsec.blogspot.com/2018/04/stored-xss-in-documentum-d2-steps-to.html"
}
]
}
}

140
2018/7xxx/CVE-2018-7711.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7711",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180323 [SECURITY] [DLA 1314-1] simplesamlphp security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html"
},
{
"name" : "https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d",
"refsource" : "CONFIRM",
"url" : "https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d"
},
{
"name" : "https://simplesamlphp.org/security/201803-01",
"refsource" : "CONFIRM",
"url" : "https://simplesamlphp.org/security/201803-01"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 has an incorrect check of return values in the signature validation utilities, allowing an attacker to get invalid signatures accepted as valid by forcing an error during validation. This occurs because of a dependency on PHP functionality that interprets a -1 error code as a true boolean value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d",
"refsource": "CONFIRM",
"url": "https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d"
},
{
"name": "[debian-lts-announce] 20180323 [SECURITY] [DLA 1314-1] simplesamlphp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00017.html"
},
{
"name": "https://simplesamlphp.org/security/201803-01",
"refsource": "CONFIRM",
"url": "https://simplesamlphp.org/security/201803-01"
}
]
}
}

140
2018/7xxx/CVE-2018-7758.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"ID" : "CVE-2018-7758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MiCOM P540D Range with Legacy Ethernet Board",
"version" : {
"version_data" : [
{
"version_value" : "MiCOM P540D Range with Legacy Ethernet Board, MiCOM Px4x with Legacy Ethernet Board, MiCOM Px4x Rejuvenated"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"ID": "CVE-2018-7758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MiCOM P540D Range with Legacy Ethernet Board",
"version": {
"version_data": [
{
"version_value": "MiCOM P540D Range with Legacy Ethernet Board, MiCOM Px4x with Legacy Ethernet Board, MiCOM Px4x Rejuvenated"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/"
},
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/"
},
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists in Schneider Electric's MiCOM Px4x (P540 range excluded) with legacy Ethernet board, MiCOM P540D Range with Legacy Ethernet Board, and MiCOM Px4x Rejuvenated could lose network communication in case of TCP/IP open requests on port 20000 (DNP3oE) if an older TCI/IP session is still open with identical IP address and port number."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-04/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-03/"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-074-02/"
}
]
}
}