admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:49:31 +00:00
parent 9516b4daaf
commit 2ff3dea426
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3503 additions and 3503 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2005/0xxx/CVE-2005-0181.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0181",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0181",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2005/0xxx/CVE-2005-0923.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"name" : "VU#713620",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/713620"
},
{
"name" : "12924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12924"
},
{
"name" : "1013585",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013585"
},
{
"name" : "1013586",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013586"
},
{
"name" : "1013587",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013587"
},
{
"name" : "14741",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14741"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.28.html"
},
{
"name": "1013586",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013586"
},
{
"name": "VU#713620",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/713620"
},
{
"name": "1013587",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013587"
},
{
"name": "12924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12924"
},
{
"name": "1013585",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013585"
},
{
"name": "14741",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14741"
}
]
}
}

150
2005/0xxx/CVE-2005-0955.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0955",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050331 MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111230101127767&w=2"
},
{
"name" : "http://icis.digitalparadox.org/~dcrab/mxmk.txt",
"refsource" : "MISC",
"url" : "http://icis.digitalparadox.org/~dcrab/mxmk.txt"
},
{
"name" : "12957",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12957"
},
{
"name" : "14793",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050331 MX Shop 1.1.1 and MX Kart 1.1.2 are vulnerable to multiple SQL injection vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111230101127767&w=2"
},
{
"name": "12957",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12957"
},
{
"name": "14793",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14793"
},
{
"name": "http://icis.digitalparadox.org/~dcrab/mxmk.txt",
"refsource": "MISC",
"url": "http://icis.digitalparadox.org/~dcrab/mxmk.txt"
}
]
}
}

150
2005/2xxx/CVE-2005-2321.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14296",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14296"
},
{
"name" : "16090",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16090"
},
{
"name" : "http://www.albaniafuckgreece.org/adviso/calogic.txt",
"refsource" : "MISC",
"url" : "http://www.albaniafuckgreece.org/adviso/calogic.txt"
},
{
"name" : "http://www.calogic.de/modules/newbb/viewtopic.php?topic_id=333&forum=7",
"refsource" : "CONFIRM",
"url" : "http://www.calogic.de/modules/newbb/viewtopic.php?topic_id=333&forum=7"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16090",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16090"
},
{
"name": "14296",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14296"
},
{
"name": "http://www.calogic.de/modules/newbb/viewtopic.php?topic_id=333&forum=7",
"refsource": "CONFIRM",
"url": "http://www.calogic.de/modules/newbb/viewtopic.php?topic_id=333&forum=7"
},
{
"name": "http://www.albaniafuckgreece.org/adviso/calogic.txt",
"refsource": "MISC",
"url": "http://www.albaniafuckgreece.org/adviso/calogic.txt"
}
]
}
}

170
2005/2xxx/CVE-2005-2712.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060213 IBM Lotus Domino Server LDAP DoS Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907"
},
{
"name" : "16523",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16523"
},
{
"name" : "ADV-2006-0526",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0526"
},
{
"name" : "1015611",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015611"
},
{
"name" : "domino-ldap-bind-dos(24634)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24634"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16523"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21229907"
},
{
"name": "20060213 IBM Lotus Domino Server LDAP DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=389"
},
{
"name": "ADV-2006-0526",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0526"
},
{
"name": "domino-ldap-bind-dos(24634)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24634"
},
{
"name": "1015611",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015611"
}
]
}
}

170
2005/2xxx/CVE-2005-2737.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050826 Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112511025414488&w=2"
},
{
"name" : "http://cedri.cc/advisories/EXIF_XSS.txt",
"refsource" : "MISC",
"url" : "http://cedri.cc/advisories/EXIF_XSS.txt"
},
{
"name" : "14671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14671"
},
{
"name" : "1014803",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014803"
},
{
"name" : "16597",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16597/"
},
{
"name" : "photopost-exif-xss(22020)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cedri.cc/advisories/EXIF_XSS.txt",
"refsource": "MISC",
"url": "http://cedri.cc/advisories/EXIF_XSS.txt"
},
{
"name": "1014803",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014803"
},
{
"name": "14671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14671"
},
{
"name": "photopost-exif-xss(22020)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22020"
},
{
"name": "20050826 Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112511025414488&w=2"
},
{
"name": "16597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16597/"
}
]
}
}

130
2005/2xxx/CVE-2005-2780.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2780",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2780",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050828 Land Down Under",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112534018805818&w=2"
},
{
"name" : "14677",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14677"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050828 Land Down Under",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112534018805818&w=2"
},
{
"name": "14677",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14677"
}
]
}
}

300
2005/3xxx/CVE-2005-3246.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3246",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-3246",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00021.html"
},
{
"name" : "DSA-1171",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1171"
},
{
"name" : "FLSA-2006:152922",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html"
},
{
"name" : "GLSA-200510-25",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml"
},
{
"name" : "RHSA-2005:809",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-809.html"
},
{
"name" : "SUSE-SR:2005:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html"
},
{
"name" : "15148",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15148"
},
{
"name" : "20128",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20128"
},
{
"name" : "20130",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20130"
},
{
"name" : "20131",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20131"
},
{
"name" : "oval:org.mitre.oval:def:10303",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10303"
},
{
"name" : "1015082",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015082"
},
{
"name" : "17377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17377"
},
{
"name" : "17254",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17254"
},
{
"name" : "17286",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17286"
},
{
"name" : "17327",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17327"
},
{
"name" : "17392",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17392"
},
{
"name" : "17480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17480"
},
{
"name" : "21813",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21813"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:809",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-809.html"
},
{
"name": "17327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17327"
},
{
"name": "GLSA-200510-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml"
},
{
"name": "17392",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17392"
},
{
"name": "17480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17480"
},
{
"name": "1015082",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015082"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00021.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00021.html"
},
{
"name": "SUSE-SR:2005:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html"
},
{
"name": "17286",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17286"
},
{
"name": "20128",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20128"
},
{
"name": "DSA-1171",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1171"
},
{
"name": "21813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21813"
},
{
"name": "FLSA-2006:152922",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html"
},
{
"name": "17377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17377"
},
{
"name": "15148",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15148"
},
{
"name": "20131",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20131"
},
{
"name": "oval:org.mitre.oval:def:10303",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10303"
},
{
"name": "20130",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20130"
},
{
"name": "17254",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17254"
}
]
}
}

130
2005/3xxx/CVE-2005-3764.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051119 [security - exponentcms]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/417218"
},
{
"name" : "17655",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17655"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The image gallery (imagegallery) component in Exponent CMS 0.96.3 and later versions does not properly check the MIME type of uploaded files, with unknown impact from the preview icon, possibly involving injection of HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051119 [security - exponentcms]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417218"
},
{
"name": "17655",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17655"
}
]
}
}

180
2005/3xxx/CVE-2005-3914.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/affcommerce-multiple-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/affcommerce-multiple-sql-inj.html"
},
{
"name" : "15545",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15545"
},
{
"name" : "ADV-2005-2550",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2550"
},
{
"name" : "21072",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21072"
},
{
"name" : "21070",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21070"
},
{
"name" : "21071",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21071"
},
{
"name" : "17690",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17690"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow remote attackers to execute arbitrary SQL commands via (1) the cl parameter to SubCategory.php and the item_id parameter in (2) ItemInfo.php and (3) ItemReview.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21070",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21070"
},
{
"name": "15545",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15545"
},
{
"name": "http://pridels0.blogspot.com/2005/11/affcommerce-multiple-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/affcommerce-multiple-sql-inj.html"
},
{
"name": "17690",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17690"
},
{
"name": "21072",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21072"
},
{
"name": "21071",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21071"
},
{
"name": "ADV-2005-2550",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2550"
}
]
}
}

160
2005/3xxx/CVE-2005-3935.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html"
},
{
"name" : "15650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15650"
},
{
"name" : "ADV-2005-2640",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2640"
},
{
"name" : "17807",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17807"
},
{
"name" : "socketkb-index-sql-injection(23308)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2640",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2640"
},
{
"name": "15650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15650"
},
{
"name": "17807",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17807"
},
{
"name": "socketkb-index-sql-injection(23308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23308"
},
{
"name": "http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html"
}
]
}
}

160
2005/4xxx/CVE-2005-4241.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4241",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/vcd-db-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/vcd-db-vuln.html"
},
{
"name" : "15840",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15840"
},
{
"name" : "ADV-2005-2885",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2885"
},
{
"name" : "21700",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21700"
},
{
"name" : "18034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15840"
},
{
"name": "18034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18034"
},
{
"name": "http://pridels0.blogspot.com/2005/12/vcd-db-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/vcd-db-vuln.html"
},
{
"name": "21700",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21700"
},
{
"name": "ADV-2005-2885",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2885"
}
]
}
}

120
2005/4xxx/CVE-2005-4296.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15851",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15851"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15851"
}
]
}
}

180
2005/4xxx/CVE-2005-4523.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource" : "MISC",
"url" : "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963"
},
{
"name" : "DSA-944",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-944"
},
{
"name" : "ADV-2005-3064",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name" : "18181",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18181/"
},
{
"name" : "18221",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18221"
},
{
"name" : "18481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18481"
},
{
"name": "18181",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18181/"
},
{
"name": "ADV-2005-3064",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3064"
},
{
"name": "18221",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18221"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963"
},
{
"name": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-11-002.txt"
},
{
"name": "DSA-944",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-944"
}
]
}
}

140
2005/4xxx/CVE-2005-4636.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://qa.openoffice.org/issues/show_bug.cgi?id=53491",
"refsource" : "CONFIRM",
"url" : "http://qa.openoffice.org/issues/show_bug.cgi?id=53491"
},
{
"name" : "MDKSA-2006:033",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:033"
},
{
"name" : "1015419",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015419"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://qa.openoffice.org/issues/show_bug.cgi?id=53491",
"refsource": "CONFIRM",
"url": "http://qa.openoffice.org/issues/show_bug.cgi?id=53491"
},
{
"name": "1015419",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015419"
},
{
"name": "MDKSA-2006:033",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:033"
}
]
}
}

160
2009/0xxx/CVE-2009-0499.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0499",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090204 CVS request - Moodle",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/02/04/1"
},
{
"name" : "http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15",
"refsource" : "CONFIRM",
"url" : "http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15"
},
{
"name" : "http://moodle.org/security/",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/security/"
},
{
"name" : "SUSE-SR:2009:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name" : "34418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34418"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15",
"refsource": "CONFIRM",
"url": "http://cvs.moodle.org/moodle/mod/forum/post.php?r1=1.154.2.14&r2=1.154.2.15"
},
{
"name": "http://moodle.org/security/",
"refsource": "CONFIRM",
"url": "http://moodle.org/security/"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "[oss-security] 20090204 CVS request - Moodle",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/04/1"
}
]
}
}

370
2009/2xxx/CVE-2009-2654.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090724 URL spoofing bug involving Firefox's error pages and document.write",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/505242/30/0/threaded"
},
{
"name" : "20090727 Re: URL spoofing bug involving Firefox's error pages and document.write",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/505265"
},
{
"name" : "http://es.geocities.com/jplopezy/firefoxspoofing.html",
"refsource" : "MISC",
"url" : "http://es.geocities.com/jplopezy/firefoxspoofing.html"
},
{
"name" : "http://blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/",
"refsource" : "CONFIRM",
"url" : "http://blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=451898",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=451898"
},
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-44.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-44.html"
},
{
"name" : "DSA-1873",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1873"
},
{
"name" : "FEDORA-2009-8279",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html"
},
{
"name" : "FEDORA-2009-8288",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html"
},
{
"name" : "RHSA-2009:1430",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1430.html"
},
{
"name" : "RHSA-2009:1431",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1431.html"
},
{
"name" : "RHSA-2009:1432",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"name" : "266148",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1"
},
{
"name" : "USN-811-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/811-1/"
},
{
"name" : "35803",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35803"
},
{
"name" : "56717",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56717"
},
{
"name" : "oval:org.mitre.oval:def:9686",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686"
},
{
"name" : "1022603",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022603"
},
{
"name" : "36001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36001"
},
{
"name" : "36141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36141"
},
{
"name" : "36126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36126"
},
{
"name" : "36435",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36435"
},
{
"name" : "36669",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36669"
},
{
"name" : "36670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36670"
},
{
"name" : "ADV-2009-2006",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2006"
},
{
"name" : "ADV-2009-2142",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2142"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2142",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2142"
},
{
"name": "36141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36141"
},
{
"name": "ADV-2009-2006",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2006"
},
{
"name": "20090727 Re: URL spoofing bug involving Firefox's error pages and document.write",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505265"
},
{
"name": "RHSA-2009:1430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1430.html"
},
{
"name": "http://blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/",
"refsource": "CONFIRM",
"url": "http://blog.mozilla.com/security/2009/07/28/url-bar-spoofing-vulnerability/"
},
{
"name": "266148",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-266148-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=451898",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=451898"
},
{
"name": "36001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36001"
},
{
"name": "USN-811-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/811-1/"
},
{
"name": "35803",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35803"
},
{
"name": "36670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36670"
},
{
"name": "36669",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36669"
},
{
"name": "oval:org.mitre.oval:def:9686",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9686"
},
{
"name": "FEDORA-2009-8288",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00261.html"
},
{
"name": "36126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36126"
},
{
"name": "RHSA-2009:1432",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-44.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-44.html"
},
{
"name": "FEDORA-2009-8279",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00198.html"
},
{
"name": "20090724 URL spoofing bug involving Firefox's error pages and document.write",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505242/30/0/threaded"
},
{
"name": "56717",
"refsource": "OSVDB",
"url": "http://osvdb.org/56717"
},
{
"name": "1022603",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022603"
},
{
"name": "http://es.geocities.com/jplopezy/firefoxspoofing.html",
"refsource": "MISC",
"url": "http://es.geocities.com/jplopezy/firefoxspoofing.html"
},
{
"name": "DSA-1873",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1873"
},
{
"name": "RHSA-2009:1431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1431.html"
},
{
"name": "36435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36435"
}
]
}
}

34
2009/2xxx/CVE-2009-2758.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2758",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2758",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

240
2009/3xxx/CVE-2009-3074.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=467493",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=467493"
},
{
"name" : "DSA-1885",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1885"
},
{
"name" : "RHSA-2009:1430",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1430.html"
},
{
"name" : "SUSE-SA:2009:048",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"name" : "36343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36343"
},
{
"name" : "oval:org.mitre.oval:def:6053",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6053"
},
{
"name" : "oval:org.mitre.oval:def:9444",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9444"
},
{
"name" : "36671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36671"
},
{
"name" : "37098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37098"
},
{
"name" : "36670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36670"
},
{
"name" : "36692",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36692"
},
{
"name" : "firefox-javascript-code-exec(53157)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the JavaScript engine in Mozilla Firefox before 3.0.14 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1885",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1885"
},
{
"name": "36343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36343"
},
{
"name": "SUSE-SA:2009:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"name": "RHSA-2009:1430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1430.html"
},
{
"name": "36692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36692"
},
{
"name": "firefox-javascript-code-exec(53157)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53157"
},
{
"name": "36670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36670"
},
{
"name": "36671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36671"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=467493",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=467493"
},
{
"name": "oval:org.mitre.oval:def:6053",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6053"
},
{
"name": "37098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37098"
},
{
"name": "oval:org.mitre.oval:def:9444",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9444"
}
]
}
}

140
2009/3xxx/CVE-2009-3197.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0908-exploits/phpcalsearch-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0908-exploits/phpcalsearch-xss.txt"
},
{
"name" : "36484",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36484"
},
{
"name" : "ADV-2009-2441",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2441"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2441",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2441"
},
{
"name": "36484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36484"
},
{
"name": "http://packetstormsecurity.org/0908-exploits/phpcalsearch-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0908-exploits/phpcalsearch-xss.txt"
}
]
}
}

150
2009/3xxx/CVE-2009-3438.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0909-exploits/joomlafb-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0909-exploits/joomlafb-sql.txt"
},
{
"name" : "36484",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36484"
},
{
"name" : "ADV-2009-2731",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2731"
},
{
"name" : "joomlafacebook-index-sql-injection(53437)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53437"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the JoomlaFacebook (com_facebook) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a student action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomlafacebook-index-sql-injection(53437)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53437"
},
{
"name": "http://packetstormsecurity.org/0909-exploits/joomlafb-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0909-exploits/joomlafb-sql.txt"
},
{
"name": "36484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36484"
},
{
"name": "ADV-2009-2731",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2731"
}
]
}
}

170
2009/3xxx/CVE-2009-3698.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091005 [oCERT-2009-014] Android denial-of-service issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506948/100/0/threaded"
},
{
"name" : "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=cf4550c3198d6b3d92cdc52707fe70d7cc0caa9f",
"refsource" : "MISC",
"url" : "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=cf4550c3198d6b3d92cdc52707fe70d7cc0caa9f"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2009-014.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2009-014.html"
},
{
"name" : "36590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36590"
},
{
"name" : "1022986",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022986"
},
{
"name" : "android-dalvikapi-dos(53654)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53654"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue to CVE-2009-2656."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "android-dalvikapi-dos(53654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53654"
},
{
"name": "1022986",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022986"
},
{
"name": "http://www.ocert.org/advisories/ocert-2009-014.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2009-014.html"
},
{
"name": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=cf4550c3198d6b3d92cdc52707fe70d7cc0caa9f",
"refsource": "MISC",
"url": "http://android.git.kernel.org/?p=platform/frameworks/base.git;a=commit;h=cf4550c3198d6b3d92cdc52707fe70d7cc0caa9f"
},
{
"name": "36590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36590"
},
{
"name": "20091005 [oCERT-2009-014] Android denial-of-service issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506948/100/0/threaded"
}
]
}
}

140
2009/3xxx/CVE-2009-3940.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3940",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "271149",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-271149-1"
},
{
"name" : "SUSE-SR:2010:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html"
},
{
"name" : "38420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38420"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "271149",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-271149-1"
},
{
"name": "SUSE-SR:2010:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html"
},
{
"name": "38420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38420"
}
]
}
}

190
2009/4xxx/CVE-2009-4244.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4244",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4244",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100121 ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509098/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-008/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-008/"
},
{
"name" : "http://service.real.com/realplayer/security/01192010_player/en/",
"refsource" : "CONFIRM",
"url" : "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name" : "37880",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37880"
},
{
"name" : "1023489",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023489"
},
{
"name" : "38218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38218"
},
{
"name" : "ADV-2010-0178",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0178"
},
{
"name" : "realplayer-sipr-bo(55797)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.0 through 11.0.4; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, and 11.0; Linux RealPlayer 10; and Helix Player 10.x allows remote attackers to execute arbitrary code via an SIPR codec field with a small length value that triggers incorrect memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2010-0178",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0178"
},
{
"name": "1023489",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023489"
},
{
"name": "http://service.real.com/realplayer/security/01192010_player/en/",
"refsource": "CONFIRM",
"url": "http://service.real.com/realplayer/security/01192010_player/en/"
},
{
"name": "38218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38218"
},
{
"name": "37880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37880"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-008/"
},
{
"name": "realplayer-sipr-bo(55797)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55797"
},
{
"name": "20100121 ZDI-10-008: RealNetworks RealPlayer SIPR Codec Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509098/100/0/threaded"
}
]
}
}

150
2009/4xxx/CVE-2009-4584.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4584",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0912-exploits/dbmastersmm-insecure.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/dbmastersmm-insecure.txt"
},
{
"name" : "37517",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37517"
},
{
"name" : "61393",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/61393"
},
{
"name" : "37985",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote attackers to bypass authentication and gain administrative access via a certain value of the admin_log cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0912-exploits/dbmastersmm-insecure.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/dbmastersmm-insecure.txt"
},
{
"name": "37517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37517"
},
{
"name": "37985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37985"
},
{
"name": "61393",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61393"
}
]
}
}

150
2009/4xxx/CVE-2009-4865.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0908-exploits/des-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0908-exploits/des-xss.txt"
},
{
"name" : "56858",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56858"
},
{
"name" : "36161",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36161"
},
{
"name" : "agency-directory-escortssearch-sql-injection(52304)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "agency-directory-escortssearch-sql-injection(52304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52304"
},
{
"name": "56858",
"refsource": "OSVDB",
"url": "http://osvdb.org/56858"
},
{
"name": "36161",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36161"
},
{
"name": "http://packetstormsecurity.org/0908-exploits/des-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0908-exploits/des-xss.txt"
}
]
}
}

140
2015/0xxx/CVE-2015-0020.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-0020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-009",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009"
},
{
"name" : "72426",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72426"
},
{
"name" : "1031723",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031723"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031723",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031723"
},
{
"name": "72426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72426"
},
{
"name": "MS15-009",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-009"
}
]
}
}

130
2015/0xxx/CVE-2015-0691.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0691",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0691",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150415 Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd"
},
{
"name" : "1032140",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032140"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco Secure Desktop (CSD), allows remote attackers to execute arbitrary commands via a crafted web site, aka Bug ID CSCup83001."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150415 Cisco Secure Desktop Cache Cleaner Command Execution Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150415-csd"
},
{
"name": "1032140",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032140"
}
]
}
}

130
2015/0xxx/CVE-2015-0733.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150529 Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38863"
},
{
"name" : "1032445",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032445"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the HTTP Header Handler in Digital Broadband Delivery System in Cisco Headend System Release allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks, via a crafted request, aka Bug ID CSCur25580."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032445",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032445"
},
{
"name": "20150529 Cisco Headend Digital Broadband Delivery System HTTP Response-Splitting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38863"
}
]
}
}

120
2015/1xxx/CVE-2015-1188.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1188",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1188",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150429 CVE-ID 2015-1188: Swisscom DSL Router Centro Grande (ADB)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Apr/103"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150429 CVE-ID 2015-1188: Swisscom DSL Router Centro Grande (ADB)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Apr/103"
}
]
}
}

230
2015/1xxx/CVE-2015-1335.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2015-1335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
"refsource" : "MLIST",
"url" : "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
},
{
"name" : "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"name" : "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"name" : "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
"refsource" : "CONFIRM",
"url" : "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "DSA-3400",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3400"
},
{
"name" : "FEDORA-2015-9f8f4b182a",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"name" : "FEDORA-2015-211974138f",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"name" : "FEDORA-2015-ebfe46536f",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"name" : "openSUSE-SU-2015:1717",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
},
{
"name" : "USN-2753-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"name" : "76894",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76894"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-9f8f4b182a",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170045.html"
},
{
"name": "[lxc-devel] 20150929 LXC security issue - affects all supported releases",
"refsource": "MLIST",
"url": "https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html"
},
{
"name": "DSA-3400",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3400"
},
{
"name": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1476662"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "76894",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76894"
},
{
"name": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be",
"refsource": "CONFIRM",
"url": "https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be"
},
{
"name": "[oss-security] 20150929 Security issue in LXC (CVE-2015-1335)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/29/4"
},
{
"name": "USN-2753-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2753-1"
},
{
"name": "FEDORA-2015-211974138f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171358.html"
},
{
"name": "FEDORA-2015-ebfe46536f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171364.html"
},
{
"name": "openSUSE-SU-2015:1717",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00023.html"
}
]
}
}

120
2015/1xxx/CVE-2015-1602.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1602",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1602",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 improperly stores password data within project files, which makes it easier for local users to determine cleartext (1) protection-level passwords or (2) web-server passwords by leveraging the ability to read these files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-315836.pdf"
}
]
}
}

130
2015/1xxx/CVE-2015-1729.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1729",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1729",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-065",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065"
},
{
"name" : "1032894",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032894"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 9 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka \"Internet Explorer Information Disclosure Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032894",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032894"
},
{
"name": "MS15-065",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-065"
}
]
}
}

150
2015/1xxx/CVE-2015-1806.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205620",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205620"
},
{
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"refsource" : "CONFIRM",
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
},
{
"name" : "RHSA-2015:1844",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1844.html"
},
{
"name" : "RHSA-2016:0070",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:0070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The combination filter Groovy script in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with job configuration permission to gain privileges and execute arbitrary code on the master via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205620",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205620"
},
{
"name": "RHSA-2016:0070",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
},
{
"name": "RHSA-2015:1844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1844.html"
}
]
}
}

140
2015/5xxx/CVE-2015-5355.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/132481/GetSimple-CMS-5.7.3.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132481/GetSimple-CMS-5.7.3.1-Cross-Site-Scripting.html"
},
{
"name" : "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1046",
"refsource" : "CONFIRM",
"url" : "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1046"
},
{
"name" : "https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6",
"refsource" : "CONFIRM",
"url" : "https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS before 3.3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post-content or (2) post-title parameter to admin/edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1046",
"refsource": "CONFIRM",
"url": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1046"
},
{
"name": "https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6",
"refsource": "CONFIRM",
"url": "https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6"
},
{
"name": "http://packetstormsecurity.com/files/132481/GetSimple-CMS-5.7.3.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132481/GetSimple-CMS-5.7.3.1-Cross-Site-Scripting.html"
}
]
}
}

180
2015/5xxx/CVE-2015-5825.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5825",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5825",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "openSUSE-SU-2016:0761",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
},
{
"name" : "76766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76766"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple iOS before 9 does not properly restrict the availability of Performance API times, which allows remote attackers to obtain sensitive information about the browser history, mouse movement, or network traffic via crafted JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76766"
},
{
"name": "openSUSE-SU-2016:0761",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

126
2018/1999xxx/CVE-2018-1999001.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-18T10:18:03.881295",
"DATE_REQUESTED" : "2018-07-18T00:00:00",
"ID" : "CVE-2018-1999001",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins",
"version" : {
"version_data" : [
{
"version_value" : "2.132 and earlier, 2.121.1 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-18T10:18:03.881295",
"DATE_REQUESTED": "2018-07-18T00:00:00",
"ID": "CVE-2018-1999001",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-897",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A unauthorized modification of configuration vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in User.java that allows attackers to provide crafted login credentials that cause Jenkins to move the config.xml file from the Jenkins home directory. If Jenkins is started without this file present, it will revert to the legacy defaults of granting administrator access to anonymous users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-897",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-07-18/#SECURITY-897"
}
]
}
}

132
2018/3xxx/CVE-2018-3099.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104762"
}
]
}
}

34
2018/3xxx/CVE-2018-3123.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3123",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3123",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/3xxx/CVE-2018-3301.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.55"
},
{
"version_affected" : "=",
"version_value" : "8.56"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected": "=",
"version_value": "8.56"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105598"
},
{
"name" : "1041891",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105598"
},
{
"name": "1041891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041891"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

142
2018/3xxx/CVE-2018-3981.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2019-01-30T00:00:00",
"ID" : "CVE-2018-3981",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ACD Systems",
"version" : {
"version_data" : [
{
"version_value" : "ACDSystems Canvas Draw 5.0.0"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds write code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2019-01-30T00:00:00",
"ID": "CVE-2018-3981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ACD Systems",
"version": {
"version_data": [
{
"version_value": "ACDSystems Canvas Draw 5.0.0"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0651",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0651"
},
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0649",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0649"
},
{
"name" : "106809",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106809"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable out-of-bounds write exists in the TIFF-parsing functionality of Canvas Draw version 5.0.0. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds write code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0651",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0651"
},
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0649",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0649"
},
{
"name": "106809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106809"
}
]
}
}

122
2018/6xxx/CVE-2018-6248.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2018-03-28T00:00:00",
"ID" : "CVE-2018-6248",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GPU Display Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service, Escalation of Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2018-03-28T00:00:00",
"ID": "CVE-2018-6248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4649",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4649"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler for DxgkDdiEscape where the software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer which may lead to denial of service or possible escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4649",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4649"
}
]
}
}

140
2018/6xxx/CVE-2018-6380.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://developer.joomla.org/security-centre/718-20180101-core-xss-vulnerability.html",
"refsource" : "CONFIRM",
"url" : "https://developer.joomla.org/security-centre/718-20180101-core-xss-vulnerability.html"
},
{
"name" : "102921",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102921"
},
{
"name" : "1040316",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://developer.joomla.org/security-centre/718-20180101-core-xss-vulnerability.html",
"refsource": "CONFIRM",
"url": "https://developer.joomla.org/security-centre/718-20180101-core-xss-vulnerability.html"
},
{
"name": "1040316",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040316"
},
{
"name": "102921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102921"
}
]
}
}

34
2018/6xxx/CVE-2018-6840.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6840",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6840",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7387.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7387",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7387",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7423.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7423",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7423",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/7xxx/CVE-2018-7666.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7666",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7666",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lists.openwall.net/full-disclosure/2018/02/27/1",
"refsource" : "MISC",
"url" : "http://lists.openwall.net/full-disclosure/2018/02/27/1"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL injection vulnerabilities exist in the actions/vote_channel.php channelId parameter, the ajax/commonAjax.php email parameter, and the ajax/commonAjax.php username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.openwall.net/full-disclosure/2018/02/27/1",
"refsource": "MISC",
"url": "http://lists.openwall.net/full-disclosure/2018/02/27/1"
},
{
"name": "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/os-command-injection-arbitrary-file-upload-sql-injection-in-clipbucket/index.html"
}
]
}
}

34
2018/7xxx/CVE-2018-7982.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7982",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7982",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

142
2018/8xxx/CVE-2018-8842.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-08-31T00:00:00",
"ID" : "CVE-2018-8842",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "e-Alert Unit (non-medical device)",
"version" : {
"version_data" : [
{
"version_value" : "R2.1 and prior"
}
]
}
}
]
},
"vendor_name" : "Philips"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-08-31T00:00:00",
"ID": "CVE-2018-8842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "e-Alert Unit (non-medical device)",
"version": {
"version_data": [
{
"version_value": "R2.1 and prior"
}
]
}
}
]
},
"vendor_name": "Philips"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
},
{
"name" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource" : "CONFIRM",
"url" : "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name" : "105194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105194"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Philips e-Alert Unit (non-medical device), Version R2.1 and prior. The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. The Philips e-Alert communication channel is not encrypted which could therefore lead to disclosure of personal contact information and application login credentials from within the same subnet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CLEARTEXT TRANSMISSION OF SENSITIVE INFORMATION CWE-319"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.usa.philips.com/healthcare/about/customer-support/product-security",
"refsource": "CONFIRM",
"url": "https://www.usa.philips.com/healthcare/about/customer-support/product-security"
},
{
"name": "105194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105194"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01"
}
]
}
}

34
2018/8xxx/CVE-2018-8958.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8958",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8958",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}