admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:50:04 +00:00
parent f43af539b3
commit 318335ef8b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3985 additions and 3985 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2005/0xxx/CVE-2005-0337.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0337",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050204 [USN-74-1] Postfix vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110763358832637&w=2"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837"
},
{
"name" : "RHSA-2005:152",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-152.html"
},
{
"name" : "12445",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12445"
},
{
"name" : "oval:org.mitre.oval:def:11339",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11339"
},
{
"name" : "14137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14137/"
},
{
"name" : "postfix-ipv6-security-bypass(19218)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19218"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:152",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-152.html"
},
{
"name": "12445",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12445"
},
{
"name": "20050204 [USN-74-1] Postfix vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110763358832637&w=2"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837"
},
{
"name": "postfix-ipv6-security-bypass(19218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19218"
},
{
"name": "14137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14137/"
},
{
"name": "oval:org.mitre.oval:def:11339",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11339"
}
]
}
}

230
2005/0xxx/CVE-2005-0380.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110565373407474&w=2"
},
{
"name" : "12206",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12206"
},
{
"name" : "12258",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12258"
},
{
"name" : "12928",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12928"
},
{
"name" : "12930",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12930"
},
{
"name" : "12931",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12931"
},
{
"name" : "12932",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12932"
},
{
"name" : "12929",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12929"
},
{
"name" : "1012884",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012884"
},
{
"name" : "13769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13769"
},
{
"name" : "zeroboard-printcategory-file-include(18892)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18892"
},
{
"name" : "zeroboard-zero-vote-file-include(18893)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18893"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12206",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12206"
},
{
"name": "1012884",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012884"
},
{
"name": "13769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13769"
},
{
"name": "12930",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12930"
},
{
"name": "12932",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12932"
},
{
"name": "12929",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12929"
},
{
"name": "20050113 STG Security Advisory: [SSA-20050113-25] ZeroBoard multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110565373407474&w=2"
},
{
"name": "zeroboard-printcategory-file-include(18892)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18892"
},
{
"name": "12931",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12931"
},
{
"name": "12258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12258"
},
{
"name": "12928",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12928"
},
{
"name": "zeroboard-zero-vote-file-include(18893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18893"
}
]
}
}

130
2005/0xxx/CVE-2005-0450.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) .. (dot dot) or (2) \"%2e%2e\" (encoded dot dot) sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1013191",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013191"
},
{
"name" : "14283",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) .. (dot dot) or (2) \"%2e%2e\" (encoded dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013191",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013191"
},
{
"name": "14283",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14283"
}
]
}
}

150
2005/0xxx/CVE-2005-0452.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0452",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \">\" and \"<\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050217 XSS vulnerabilty in ASP.Net [with details]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110867912714913&w=2"
},
{
"name" : "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml",
"refsource" : "MISC",
"url" : "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
},
{
"name" : "12574",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12574"
},
{
"name" : "14214",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including \">\" and \"<\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050217 XSS vulnerabilty in ASP.Net [with details]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110867912714913&w=2"
},
{
"name": "14214",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14214"
},
{
"name": "12574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12574"
},
{
"name": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml",
"refsource": "MISC",
"url": "http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml"
}
]
}
}

150
2005/0xxx/CVE-2005-0826.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050319 OllyDbg long process Module debug Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111125734701262&w=2"
},
{
"name" : "12850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12850"
},
{
"name" : "1013478",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013478"
},
{
"name" : "ollydbg-long-filename-do(19750)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19750"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ollydbg-long-filename-do(19750)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19750"
},
{
"name": "1013478",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013478"
},
{
"name": "12850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12850"
},
{
"name": "20050319 OllyDbg long process Module debug Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111125734701262&w=2"
}
]
}
}

120
2005/0xxx/CVE-2005-0899.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050325 AS/400 LDAP user accounts disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111186209318029&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050325 AS/400 LDAP user accounts disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111186209318029&w=2"
}
]
}
}

150
2005/1xxx/CVE-2005-1144.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1144",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1144",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.snkenjoi.com/secadv/secadv4.txt",
"refsource" : "MISC",
"url" : "http://www.snkenjoi.com/secadv/secadv4.txt"
},
{
"name" : "http://docs.easyphpcalendar.com/Change%20Log/changeLog.htm",
"refsource" : "CONFIRM",
"url" : "http://docs.easyphpcalendar.com/Change%20Log/changeLog.htm"
},
{
"name" : "15545",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15545"
},
{
"name" : "1013704",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013704"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to obtain sensitive information via an invalid ev parameter, which reveals the full pathname of the web server in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15545",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15545"
},
{
"name": "http://www.snkenjoi.com/secadv/secadv4.txt",
"refsource": "MISC",
"url": "http://www.snkenjoi.com/secadv/secadv4.txt"
},
{
"name": "http://docs.easyphpcalendar.com/Change%20Log/changeLog.htm",
"refsource": "CONFIRM",
"url": "http://docs.easyphpcalendar.com/Change%20Log/changeLog.htm"
},
{
"name": "1013704",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013704"
}
]
}
}

150
2005/1xxx/CVE-2005-1343.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-05-03",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
},
{
"name" : "APPLE-SA-2005-06-08",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html"
},
{
"name" : "TA05-136A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
},
{
"name" : "VU#706838",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/706838"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#706838",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/706838"
},
{
"name": "TA05-136A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-136A.html"
},
{
"name": "APPLE-SA-2005-06-08",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html"
},
{
"name": "APPLE-SA-2005-05-03",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
}
]
}
}

140
2005/1xxx/CVE-2005-1948.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1948",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050609 Invision Gallery Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111834146710329&w=2"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00079-06092005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00079-06092005"
},
{
"name" : "13907",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1) the comment parameter in an editcomment action or (2) the rating parameter when voting on a photo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research&article_id=00079-06092005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00079-06092005"
},
{
"name": "13907",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13907"
},
{
"name": "20050609 Invision Gallery Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111834146710329&w=2"
}
]
}
}

150
2005/3xxx/CVE-2005-3076.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.simplog.org/bugs/bug.php?op=show&bugid=55",
"refsource" : "CONFIRM",
"url" : "http://www.simplog.org/bugs/bug.php?op=show&bugid=55"
},
{
"name" : "14897",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14897"
},
{
"name" : "16881",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16881"
},
{
"name" : "755",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/755"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL commands or trigger SQL error messages via invalid (1) pid, (2) blogid, (3) cid, or (4) m parameters to archive.php, or the (5) blogid parameter to blogadmin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16881"
},
{
"name": "755",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/755"
},
{
"name": "14897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14897"
},
{
"name": "http://www.simplog.org/bugs/bug.php?op=show&bugid=55",
"refsource": "CONFIRM",
"url": "http://www.simplog.org/bugs/bug.php?op=show&bugid=55"
}
]
}
}

180
2005/3xxx/CVE-2005-3515.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051020 XSS & Path Disclosure in Chipmunk's products",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112982490104274&w=2"
},
{
"name" : "http://irannetjob.com/content/view/148/28/",
"refsource" : "MISC",
"url" : "http://irannetjob.com/content/view/148/28/"
},
{
"name" : "15149",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15149/"
},
{
"name" : "20168",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20168"
},
{
"name" : "17262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17262/"
},
{
"name" : "96",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/96"
},
{
"name" : "chipmunk-multiple-scripts-xss(22823)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22823"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15149",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15149/"
},
{
"name": "20168",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20168"
},
{
"name": "17262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17262/"
},
{
"name": "20051020 XSS & Path Disclosure in Chipmunk's products",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112982490104274&w=2"
},
{
"name": "96",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/96"
},
{
"name": "http://irannetjob.com/content/view/148/28/",
"refsource": "MISC",
"url": "http://irannetjob.com/content/view/148/28/"
},
{
"name": "chipmunk-multiple-scripts-xss(22823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22823"
}
]
}
}

210
2005/4xxx/CVE-2005-4558.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051227 Secunia Research: IceWarp Web Mail Multiple File InclusionVulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420255/100/0/threaded"
},
{
"name" : "20051227 Secunia Research: IceWarp Web Mail Multiple File",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=113570229524828&w=2"
},
{
"name" : "http://secunia.com/secunia_research/2005-62/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-62/advisory/"
},
{
"name" : "16069",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16069"
},
{
"name" : "22080",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22080"
},
{
"name" : "22081",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22081"
},
{
"name" : "1015412",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015412"
},
{
"name" : "17046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17046"
},
{
"name" : "17865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17865"
},
{
"name" : "visnetic-settings-file-include(23904)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23904"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "visnetic-settings-file-include(23904)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23904"
},
{
"name": "17865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17865"
},
{
"name": "16069",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16069"
},
{
"name": "17046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17046"
},
{
"name": "1015412",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015412"
},
{
"name": "20051227 Secunia Research: IceWarp Web Mail Multiple File",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113570229524828&w=2"
},
{
"name": "22081",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22081"
},
{
"name": "http://secunia.com/secunia_research/2005-62/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-62/advisory/"
},
{
"name": "20051227 Secunia Research: IceWarp Web Mail Multiple File InclusionVulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420255/100/0/threaded"
},
{
"name": "22080",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22080"
}
]
}
}

130
2005/4xxx/CVE-2005-4725.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4725",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.geeklog.net/forum/viewtopic.php?showtopic=61457",
"refsource" : "MISC",
"url" : "http://www.geeklog.net/forum/viewtopic.php?showtopic=61457"
},
{
"name" : "http://www.geeklog.net/article.php/geeklog-1.3.11sr3",
"refsource" : "CONFIRM",
"url" : "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3",
"refsource": "CONFIRM",
"url": "http://www.geeklog.net/article.php/geeklog-1.3.11sr3"
},
{
"name": "http://www.geeklog.net/forum/viewtopic.php?showtopic=61457",
"refsource": "MISC",
"url": "http://www.geeklog.net/forum/viewtopic.php?showtopic=61457"
}
]
}
}

130
2005/4xxx/CVE-2005-4771.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051014 Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/413417"
},
{
"name" : "15109",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15109"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051014 Trusted Digital, Trusted Mobility Suite Authorization Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/413417"
},
{
"name": "15109",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15109"
}
]
}
}

130
2009/0xxx/CVE-2009-0130.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus \"this report is invalid.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2009/01/12/4"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not properly check the return value from the OpenSSL DSA_do_verify function, which might allow remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077. NOTE: a package maintainer disputes this issue, reporting that there is a proper check within the only code that uses the applicable part of crypto_drv.c, and thus \"this report is invalid.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511520"
},
{
"name": "[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/01/12/4"
}
]
}
}

180
2009/0xxx/CVE-2009-0199.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0199",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-0199",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"name" : "[security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"name" : "http://secunia.com/secunia_research/2009-25/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-25/"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0012.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
},
{
"name" : "36290",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36290"
},
{
"name" : "34938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34938"
},
{
"name" : "ADV-2009-2553",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 build 185404, VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player 2.5.x before 2.5.3 build 185404, and VMware ACE 2.5.x before 2.5.3 build 185404 on Windows might allow remote attackers to execute arbitrary code via a video file with crafted dimensions (aka framebuffer parameters)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[security-announce] 20090904 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000065.html"
},
{
"name": "36290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36290"
},
{
"name": "http://secunia.com/secunia_research/2009-25/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-25/"
},
{
"name": "20090905 VMSA-2009-0012 VMware Movie Decoder, VMware Workstation, VMware Player, and VMware ACE resolve security issues.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506286/100/0/threaded"
},
{
"name": "ADV-2009-2553",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2553"
},
{
"name": "34938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34938"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0012.html"
}
]
}
}

140
2009/0xxx/CVE-2009-0492.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0492",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an \"auth vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0492",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=249202&release_id=650796",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=249202&release_id=650796"
},
{
"name" : "33127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33127"
},
{
"name" : "ADV-2009-0020",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has unknown impact and attack vectors related to an \"auth vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=249202&release_id=650796",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=249202&release_id=650796"
},
{
"name": "ADV-2009-0020",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0020"
},
{
"name": "33127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33127"
}
]
}
}

500
2009/0xxx/CVE-2009-0688.json
View File

@ -1,252 +1,252 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-0688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "DSA-1807",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1807"
},
{
"name" : "GLSA-200907-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-09.xml"
},
{
"name" : "MDVSA-2009:113",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"
},
{
"name" : "RHSA-2009:1116",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1116.html"
},
{
"name" : "SSA:2009-134-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"
},
{
"name" : "259148",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"
},
{
"name" : "264248",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"
},
{
"name" : "273910",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"
},
{
"name" : "1020755",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"
},
{
"name" : "1021699",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"
},
{
"name" : "SUSE-SR:2009:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name" : "USN-790-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-790-1"
},
{
"name" : "TA10-103B",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name" : "VU#238019",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/238019"
},
{
"name" : "34961",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34961"
},
{
"name" : "54514",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54514"
},
{
"name" : "54515",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54515"
},
{
"name" : "oval:org.mitre.oval:def:10687",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"
},
{
"name" : "oval:org.mitre.oval:def:6136",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"
},
{
"name" : "1022231",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022231"
},
{
"name" : "35094",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35094"
},
{
"name" : "35097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35097"
},
{
"name" : "35102",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35102"
},
{
"name" : "35206",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35206"
},
{
"name" : "35239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35239"
},
{
"name" : "35321",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35321"
},
{
"name" : "35416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35416"
},
{
"name" : "35497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35497"
},
{
"name" : "35746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35746"
},
{
"name" : "39428",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39428"
},
{
"name" : "ADV-2009-1313",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1313"
},
{
"name" : "ADV-2009-2012",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2012"
},
{
"name" : "solaris-sasl-saslencode64-bo(50554)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/saslutil.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54515",
"refsource": "OSVDB",
"url": "http://osvdb.org/54515"
},
{
"name": "35239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35239"
},
{
"name": "TA10-103B",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-103B.html"
},
{
"name": "35321",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35321"
},
{
"name": "VU#238019",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/238019"
},
{
"name": "35497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35497"
},
{
"name": "35102",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35102"
},
{
"name": "SSA:2009-134-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.448834"
},
{
"name": "35746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35746"
},
{
"name": "39428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39428"
},
{
"name": "1020755",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020755.1-1"
},
{
"name": "35094",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35094"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "DSA-1807",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1807"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0091"
},
{
"name": "oval:org.mitre.oval:def:6136",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6136"
},
{
"name": "35097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35097"
},
{
"name": "ADV-2009-1313",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1313"
},
{
"name": "ADV-2009-2012",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2012"
},
{
"name": "oval:org.mitre.oval:def:10687",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10687"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "1021699",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021699.1-1"
},
{
"name": "GLSA-200907-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-09.xml"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2010-099504.html"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-184.htm"
},
{
"name": "264248",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264248-1"
},
{
"name": "35206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35206"
},
{
"name": "259148",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259148-1"
},
{
"name": "MDVSA-2009:113",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:113"
},
{
"name": "RHSA-2009:1116",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1116.html"
},
{
"name": "34961",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34961"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "273910",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273910-1"
},
{
"name": "54514",
"refsource": "OSVDB",
"url": "http://osvdb.org/54514"
},
{
"name": "USN-790-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-790-1"
},
{
"name": "1022231",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022231"
},
{
"name": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz",
"refsource": "CONFIRM",
"url": "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-2.1.23.tar.gz"
},
{
"name": "solaris-sasl-saslencode64-bo(50554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50554"
}
]
}
}

190
2009/1xxx/CVE-2009-1441.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=10869",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=10869"
},
{
"name" : "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html"
},
{
"name" : "34859",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34859"
},
{
"name" : "54288",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54288"
},
{
"name" : "1022174",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022174"
},
{
"name" : "35014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35014"
},
{
"name" : "ADV-2009-1266",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1266"
},
{
"name" : "chrome-paramtraitsskbitmapread-bo(50362)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50362"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ParamTraits<SkBitmap>::Read function in Google Chrome before 1.0.154.64 allows attackers to leverage renderer access to cause a denial of service (application crash) or possibly execute arbitrary code via vectors related to a large bitmap that arrives over the IPC channel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=10869",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=10869"
},
{
"name": "ADV-2009-1266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1266"
},
{
"name": "chrome-paramtraitsskbitmapread-bo(50362)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50362"
},
{
"name": "1022174",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022174"
},
{
"name": "54288",
"refsource": "OSVDB",
"url": "http://osvdb.org/54288"
},
{
"name": "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2009/05/stable-update-security-fix.html"
},
{
"name": "35014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35014"
},
{
"name": "34859",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34859"
}
]
}
}

140
2009/3xxx/CVE-2009-3356.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3356",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9639",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9639"
},
{
"name" : "36705",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36705"
},
{
"name" : "imagevoting-index-sql-injection(53178)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Image voting 1.0 allows remote attackers to execute arbitrary SQL commands via the show parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9639",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9639"
},
{
"name": "imagevoting-index-sql-injection(53178)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53178"
},
{
"name": "36705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36705"
}
]
}
}

140
2009/3xxx/CVE-2009-3425.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9350",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9350"
},
{
"name" : "36105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36105"
},
{
"name" : "ADV-2009-2136",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2136"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9350",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9350"
},
{
"name": "36105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36105"
},
{
"name": "ADV-2009-2136",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2136"
}
]
}
}

140
2009/3xxx/CVE-2009-3445.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3445",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (daemon crash) via an IMAP4 FETCH command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3445",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.code-crafters.com/abilitymailserver/updatelog.html",
"refsource" : "CONFIRM",
"url" : "http://www.code-crafters.com/abilitymailserver/updatelog.html"
},
{
"name" : "36519",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36519"
},
{
"name" : "36888",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (daemon crash) via an IMAP4 FETCH command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36519",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36519"
},
{
"name": "36888",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36888"
},
{
"name": "http://www.code-crafters.com/abilitymailserver/updatelog.html",
"refsource": "CONFIRM",
"url": "http://www.code-crafters.com/abilitymailserver/updatelog.html"
}
]
}
}

34
2009/3xxx/CVE-2009-3925.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3925",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-3925",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}

160
2009/4xxx/CVE-2009-4076.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://trac.roundcube.net/wiki/Changelog",
"refsource" : "MISC",
"url" : "http://trac.roundcube.net/wiki/Changelog"
},
{
"name" : "JVN#72974205",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN72974205/index.html"
},
{
"name" : "JVNDB-2009-000071",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000071.html"
},
{
"name" : "59661",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/59661"
},
{
"name" : "37235",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail 0.2.2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that modify user information via unspecified vectors, a different vulnerability than CVE-2009-4077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://trac.roundcube.net/wiki/Changelog",
"refsource": "MISC",
"url": "http://trac.roundcube.net/wiki/Changelog"
},
{
"name": "JVN#72974205",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN72974205/index.html"
},
{
"name": "59661",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59661"
},
{
"name": "37235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37235"
},
{
"name": "JVNDB-2009-000071",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000071.html"
}
]
}
}

120
2009/4xxx/CVE-2009-4192.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "36541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36541"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in dialog/file_manager.php in Interspire Knowledge Manager 5 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36541"
}
]
}
}

200
2009/4xxx/CVE-2009-4419.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf",
"refsource" : "MISC",
"url" : "http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf"
},
{
"name" : "http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html",
"refsource" : "MISC",
"url" : "http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html"
},
{
"name" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageid=en-fr",
"refsource" : "CONFIRM",
"url" : "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageid=en-fr"
},
{
"name" : "37430",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37430"
},
{
"name" : "61248",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61248"
},
{
"name" : "1023382",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023382"
},
{
"name" : "37900",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37900"
},
{
"name" : "ADV-2009-3618",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3618"
},
{
"name" : "intel-chipset-sinit-priv-escalation(54963)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54963"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the SINIT Authenticated Code Module (ACM), which allows local users to bypass the Trusted Execution Technology protection mechanism and gain privileges by modifying the MCHBAR register to point to an attacker-controlled region, which prevents the SENTER instruction from properly applying VT-d protection while an MLE is being loaded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageid=en-fr",
"refsource": "CONFIRM",
"url": "http://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00021&languageid=en-fr"
},
{
"name": "1023382",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023382"
},
{
"name": "37430",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37430"
},
{
"name": "61248",
"refsource": "OSVDB",
"url": "http://osvdb.org/61248"
},
{
"name": "http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf",
"refsource": "MISC",
"url": "http://invisiblethingslab.com/resources/misc09/Another%20TXT%20Attack.pdf"
},
{
"name": "ADV-2009-3618",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3618"
},
{
"name": "37900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37900"
},
{
"name": "intel-chipset-sinit-priv-escalation(54963)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54963"
},
{
"name": "http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html",
"refsource": "MISC",
"url": "http://theinvisiblethings.blogspot.com/2009/12/another-txt-attack.html"
}
]
}
}

190
2009/4xxx/CVE-2009-4846.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrary code via vectors related to (1) the command_gsay function in server/c_party.C and (2) the book implementation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cvs.schmorp.de/deliantra/server/Changes?pathrev=rel-2_82",
"refsource" : "CONFIRM",
"url" : "http://cvs.schmorp.de/deliantra/server/Changes?pathrev=rel-2_82"
},
{
"name" : "http://cvs.schmorp.de/deliantra/server/server/c_party.C?r1=1.29&r2=1.30",
"refsource" : "CONFIRM",
"url" : "http://cvs.schmorp.de/deliantra/server/server/c_party.C?r1=1.29&r2=1.30"
},
{
"name" : "59878",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/59878"
},
{
"name" : "59879",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/59879"
},
{
"name" : "37317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37317"
},
{
"name" : "ADV-2009-3176",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3176"
},
{
"name" : "deliantra-book-bo(54206)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54206"
},
{
"name" : "deliantra-gsay-bo(54205)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54205"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Deliantra Server before 2.82 allow remote attackers to execute arbitrary code via vectors related to (1) the command_gsay function in server/c_party.C and (2) the book implementation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.schmorp.de/deliantra/server/server/c_party.C?r1=1.29&r2=1.30",
"refsource": "CONFIRM",
"url": "http://cvs.schmorp.de/deliantra/server/server/c_party.C?r1=1.29&r2=1.30"
},
{
"name": "deliantra-gsay-bo(54205)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54205"
},
{
"name": "59879",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59879"
},
{
"name": "http://cvs.schmorp.de/deliantra/server/Changes?pathrev=rel-2_82",
"refsource": "CONFIRM",
"url": "http://cvs.schmorp.de/deliantra/server/Changes?pathrev=rel-2_82"
},
{
"name": "deliantra-book-bo(54206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54206"
},
{
"name": "ADV-2009-3176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3176"
},
{
"name": "59878",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59878"
},
{
"name": "37317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37317"
}
]
}
}

230
2012/2xxx/CVE-2012-2320.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2320",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2320",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120507 Re: connman heads up / CVE requests",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/07/10"
},
{
"name" : "[oss-security] 20120507 Re: connman heads up / CVE requests",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/07/6"
},
{
"name" : "[oss-security] 20120507 connman heads up / CVE requests",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/07/2"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=715172",
"refsource" : "MISC",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=715172"
},
{
"name" : "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618"
},
{
"name" : "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9"
},
{
"name" : "GLSA-201205-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201205-02.xml"
},
{
"name" : "53406",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53406"
},
{
"name" : "81704",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/81704"
},
{
"name" : "49033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49033"
},
{
"name" : "49186",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49186"
},
{
"name" : "connman-netlink-security-bypass(75465)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75465"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ConnMan before 0.85 does not ensure that netlink messages originate from the kernel, which allows remote attackers to bypass intended access restrictions and cause a denial of service via a crafted netlink message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "connman-netlink-security-bypass(75465)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75465"
},
{
"name": "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=b0ec6eb4466acc57a9ea8be52c17b674b6ea0618"
},
{
"name": "81704",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81704"
},
{
"name": "[oss-security] 20120507 Re: connman heads up / CVE requests",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/07/6"
},
{
"name": "GLSA-201205-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201205-02.xml"
},
{
"name": "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=network/connman/connman.git;a=commit;h=c1b968984212b46bea1330f5ae029507b9bfded9"
},
{
"name": "[oss-security] 20120507 connman heads up / CVE requests",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/07/2"
},
{
"name": "53406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53406"
},
{
"name": "[oss-security] 20120507 Re: connman heads up / CVE requests",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/07/10"
},
{
"name": "49033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49033"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=715172",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=715172"
},
{
"name": "49186",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49186"
}
]
}
}

120
2012/2xxx/CVE-2012-2426.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2426",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-2426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-145-02.pdf"
}
]
}
}

190
2012/2xxx/CVE-2012-2515.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-2515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://retrogod.altervista.org/9sg_emc_keyhelp.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/9sg_emc_keyhelp.html"
},
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf"
},
{
"name" : "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf",
"refsource" : "CONFIRM",
"url" : "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf"
},
{
"name" : "36546",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36546"
},
{
"name" : "36905",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36905"
},
{
"name" : "36914",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36914"
},
{
"name" : "ADV-2009-2793",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2793"
},
{
"name" : "ADV-2009-2795",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2795"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX control in KeyHelp.ocx 1.2.312 in KeyWorks KeyHelp Module (aka the HTML Help component), as used in EMC Documentum ApplicationXtender Desktop 5.4; EMC Captiva Quickscan Pro 4.6 SP1; GE Intelligent Platforms Proficy Historian 3.1, 3.5, 4.0, and 4.5; GE Intelligent Platforms Proficy HMI/SCADA iFIX 5.0 and 5.1; GE Intelligent Platforms Proficy Pulse 1.0; GE Intelligent Platforms Proficy Batch Execution 5.6; GE Intelligent Platforms SI7 I/O Driver 7.20 through 7.42; and other products, allow remote attackers to execute arbitrary code via a long string in the second argument to the (1) JumpMappedID or (2) JumpURL method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2795",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2795"
},
{
"name": "ADV-2009-2793",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2793"
},
{
"name": "36546",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36546"
},
{
"name": "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf",
"refsource": "CONFIRM",
"url": "http://support.ge-ip.com/support/resources/sites/GE_FANUC_SUPPORT/content/live/KB/14000/KB14863/en_US/GEIP12-04%20Security%20Advisory%20-%20Proficy%20HTML%20Help.pdf"
},
{
"name": "36914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36914"
},
{
"name": "36905",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36905"
},
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-131-02.pdf"
},
{
"name": "http://retrogod.altervista.org/9sg_emc_keyhelp.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/9sg_emc_keyhelp.html"
}
]
}
}

230
2012/2xxx/CVE-2012-2801.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2801",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and \"out of array writes.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2801",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3"
},
{
"name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4"
},
{
"name" : "http://ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://ffmpeg.org/security.html"
},
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1df49142bab1b7bccd11392aa9e819e297d21a6e",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1df49142bab1b7bccd11392aa9e819e297d21a6e"
},
{
"name" : "http://libav.org/releases/libav-0.7.7.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.7.7.changelog"
},
{
"name" : "http://libav.org/releases/libav-0.8.4.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.8.4.changelog"
},
{
"name" : "http://libav.org/releases/libav-0.8.5.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.8.5.changelog"
},
{
"name" : "MDVSA-2013:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name" : "USN-1705-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1705-1"
},
{
"name" : "55355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55355"
},
{
"name" : "50468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50468"
},
{
"name" : "51257",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to dimensions and \"out of array writes.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/4"
},
{
"name": "http://libav.org/releases/libav-0.8.5.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.8.5.changelog"
},
{
"name": "http://libav.org/releases/libav-0.8.4.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.8.4.changelog"
},
{
"name": "55355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55355"
},
{
"name": "MDVSA-2013:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/3"
},
{
"name": "http://ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/security.html"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1df49142bab1b7bccd11392aa9e819e297d21a6e",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1df49142bab1b7bccd11392aa9e819e297d21a6e"
},
{
"name": "http://libav.org/releases/libav-0.7.7.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.7.7.changelog"
},
{
"name": "USN-1705-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1705-1"
},
{
"name": "50468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50468"
},
{
"name": "51257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51257"
}
]
}
}

34
2012/6xxx/CVE-2012-6155.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6155",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6155",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2015/1xxx/CVE-2015-1071.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204560",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204560"
},
{
"name" : "https://support.apple.com/HT204661",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204661"
},
{
"name" : "https://support.apple.com/HT204662",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204662"
},
{
"name" : "https://support.apple.com/kb/HT204949",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT204949"
},
{
"name" : "APPLE-SA-2015-03-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html"
},
{
"name" : "APPLE-SA-2015-04-08-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name" : "APPLE-SA-2015-04-08-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name" : "APPLE-SA-2015-06-30-6",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
},
{
"name" : "openSUSE-SU-2016:0915",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"
},
{
"name" : "USN-2937-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2937-1"
},
{
"name" : "1031936",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031936"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "APPLE-SA-2015-06-30-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
},
{
"name": "APPLE-SA-2015-03-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html"
},
{
"name": "https://support.apple.com/kb/HT204949",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT204949"
},
{
"name": "1031936",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031936"
},
{
"name": "https://support.apple.com/HT204662",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204662"
},
{
"name": "openSUSE-SU-2016:0915",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"
},
{
"name": "https://support.apple.com/HT204560",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204560"
},
{
"name": "APPLE-SA-2015-04-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
},
{
"name": "USN-2937-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2937-1"
}
]
}
}

130
2015/1xxx/CVE-2015-1945.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1945",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1945",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21957776",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21957776"
},
{
"name" : "74929",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Reference Data Management component in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3, and 11.4 allows remote authenticated users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21957776",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21957776"
},
{
"name": "74929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74929"
}
]
}
}

220
2015/5xxx/CVE-2015-5146.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.ntp.org/show_bug.cgi?id=2853",
"refsource" : "CONFIRM",
"url" : "http://bugs.ntp.org/show_bug.cgi?id=2853"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1238136",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1238136"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180731-0003/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180731-0003/"
},
{
"name" : "DSA-3388",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3388"
},
{
"name" : "FEDORA-2015-14212",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"name" : "FEDORA-2015-14213",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"name" : "FEDORA-2015-77bfbc1bcd",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name" : "GLSA-201509-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201509-01"
},
{
"name" : "75589",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75589"
},
{
"name" : "1034168",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034168"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1238136",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1238136"
},
{
"name": "75589",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75589"
},
{
"name": "GLSA-201509-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "FEDORA-2015-77bfbc1bcd",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170926.html"
},
{
"name": "1034168",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034168"
},
{
"name": "DSA-3388",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3388"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2853",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2853"
},
{
"name": "FEDORA-2015-14212",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169167.html"
},
{
"name": "FEDORA-2015-14213",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166992.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#March_2017_ntp_4_2_8p10_NTP_Secu"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180731-0003/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180731-0003/"
}
]
}
}

200
2015/5xxx/CVE-2015-5200.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[xorg-announce] 20150831 libvdpau 1.1.1",
"refsource" : "MLIST",
"url" : "http://lists.x.org/archives/xorg-announce/2015-August/002630.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1253827",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1253827"
},
{
"name" : "DSA-3355",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3355"
},
{
"name" : "FEDORA-2015-3ca3f2138b",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html"
},
{
"name" : "FEDORA-2015-14850",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html"
},
{
"name" : "FEDORA-2015-14851",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html"
},
{
"name" : "openSUSE-SU-2015:1537",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html"
},
{
"name" : "USN-2729-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2729-1"
},
{
"name" : "76636",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-14851",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167469.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1253827",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1253827"
},
{
"name": "76636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76636"
},
{
"name": "FEDORA-2015-3ca3f2138b",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170637.html"
},
{
"name": "FEDORA-2015-14850",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165546.html"
},
{
"name": "USN-2729-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2729-1"
},
{
"name": "openSUSE-SU-2015:1537",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00012.html"
},
{
"name": "[xorg-announce] 20150831 libvdpau 1.1.1",
"refsource": "MLIST",
"url": "http://lists.x.org/archives/xorg-announce/2015-August/002630.html"
},
{
"name": "DSA-3355",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3355"
}
]
}
}

160
2015/5xxx/CVE-2015-5675.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150825 FreeBSD Security Advisory FreeBSD-SA-15:21.amd64",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536321/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html"
},
{
"name" : "FreeBSD-SA-15:21",
"refsource" : "FREEBSD",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc"
},
{
"name" : "76485",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76485"
},
{
"name" : "1033376",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 allows local users to gain privileges or cause a denial of service (kernel panic)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76485"
},
{
"name": "FreeBSD-SA-15:21",
"refsource": "FREEBSD",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-15:21.amd64.asc"
},
{
"name": "1033376",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033376"
},
{
"name": "20150825 FreeBSD Security Advisory FreeBSD-SA-15:21.amd64",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536321/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133335/FreeBSD-Security-Advisory-IRET-Handler-Privilege-Escalation.html"
}
]
}
}

190
2015/5xxx/CVE-2015-5733.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5733",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5733",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150804 Re: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2015/08/04/7"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8132",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8132"
},
{
"name" : "https://codex.wordpress.org/Version_4.2.4",
"refsource" : "CONFIRM",
"url" : "https://codex.wordpress.org/Version_4.2.4"
},
{
"name" : "https://core.trac.wordpress.org/changeset/33540",
"refsource" : "CONFIRM",
"url" : "https://core.trac.wordpress.org/changeset/33540"
},
{
"name" : "https://core.trac.wordpress.org/changeset/33541",
"refsource" : "CONFIRM",
"url" : "https://core.trac.wordpress.org/changeset/33541"
},
{
"name" : "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/"
},
{
"name" : "76331",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76331"
},
{
"name" : "1033178",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033178"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the refreshAdvancedAccessibilityOfItem function in wp-admin/js/nav-menu.js in WordPress before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via an accessibility-helper title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/"
},
{
"name": "https://core.trac.wordpress.org/changeset/33541",
"refsource": "CONFIRM",
"url": "https://core.trac.wordpress.org/changeset/33541"
},
{
"name": "[oss-security] 20150804 Re: CVE request: WordPress 4.2.3 and earlier multiple vulnerabilities",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/08/04/7"
},
{
"name": "1033178",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033178"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8132",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8132"
},
{
"name": "76331",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76331"
},
{
"name": "https://codex.wordpress.org/Version_4.2.4",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.2.4"
},
{
"name": "https://core.trac.wordpress.org/changeset/33540",
"refsource": "CONFIRM",
"url": "https://core.trac.wordpress.org/changeset/33540"
}
]
}
}

34
2015/5xxx/CVE-2015-5976.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5976",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5976",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

34
2018/11xxx/CVE-2018-11122.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11122",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11122",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/11xxx/CVE-2018-11415.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44755",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44755/"
},
{
"name" : "https://github.com/0xd0m7/SAP",
"refsource" : "MISC",
"url" : "https://github.com/0xd0m7/SAP"
},
{
"name" : "104311",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104311"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases of this product."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104311"
},
{
"name": "44755",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44755/"
},
{
"name": "https://github.com/0xd0m7/SAP",
"refsource": "MISC",
"url": "https://github.com/0xd0m7/SAP"
}
]
}
}

120
2018/11xxx/CVE-2018-11882.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11882",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "SD 835, SD 845, SD 850, SDA660"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11882",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "SD 835, SD 845, SD 850, SDA660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

140
2018/3xxx/CVE-2018-3231.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3231",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
},
{
"version_affected" : "=",
"version_value" : "8.5.4"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3231",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
},
{
"version_affected": "=",
"version_value": "8.5.4"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Outside In Technology and unauthorized read access to a subset of Oracle Outside In Technology accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105603"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

142
2018/3xxx/CVE-2018-3298.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.2.20"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.2.20"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105619",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105619"
},
{
"name" : "1041887",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041887"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "1041887",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041887"
},
{
"name": "105619",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105619"
}
]
}
}

34
2018/3xxx/CVE-2018-3664.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3664",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3664",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3702.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3702",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3702",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/3xxx/CVE-2018-3770.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-07-20T00:00:00",
"ID" : "CVE-2018-3770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "markdown-pdf",
"version" : {
"version_data" : [
{
"version_value" : "9.0.0"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-07-20T00:00:00",
"ID": "CVE-2018-3770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "markdown-pdf",
"version": {
"version_data": [
{
"version_value": "9.0.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://hackerone.com/reports/360727",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/360727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal exists in markdown-pdf version <9.0.0 that allows a user to insert a malicious html code that can result in reading the local files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/360727",
"refsource": "MISC",
"url": "https://hackerone.com/reports/360727"
}
]
}
}

34
2018/7xxx/CVE-2018-7003.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7003",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7003",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

34
2018/7xxx/CVE-2018-7854.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7854",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7854",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

146
2018/8xxx/CVE-2018-8111.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8111",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8111",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8111",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8111"
},
{
"name" : "104335",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104335"
},
{
"name" : "1041097",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka \"Microsoft Edge Memory Corruption Vulnerability.\" This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8110, CVE-2018-8236."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8111",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8111"
},
{
"name": "104335",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104335"
},
{
"name": "1041097",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041097"
}
]
}
}

140
2018/8xxx/CVE-2018-8115.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8115",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Host Compute",
"version" : {
"version_data" : [
{
"version_value" : "Service Shim"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka \"Windows Host Compute Service Shim Remote Code Execution Vulnerability.\" This affects Windows Host Compute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Host Compute",
"version": {
"version_data": [
{
"version_value": "Service Shim"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8115",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8115"
},
{
"name" : "104061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104061"
},
{
"name" : "1040842",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040842"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when the Windows Host Compute Service Shim (hcsshim) library fails to properly validate input while importing a container image, aka \"Windows Host Compute Service Shim Remote Code Execution Vulnerability.\" This affects Windows Host Compute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104061"
},
{
"name": "1040842",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040842"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8115",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8115"
}
]
}
}

394
2018/8xxx/CVE-2018-8489.json
View File

@ -1,199 +1,199 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2019",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "Version 1809 for 32-bit Systems"
},
{
"version_value" : "Version 1809 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Windows Hyper-V Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8490."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8489",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8489"
},
{
"name" : "105479",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105479"
},
{
"name" : "1041834",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041834"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system, aka \"Windows Hyper-V Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8490."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8489",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8489"
},
{
"name": "1041834",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041834"
},
{
"name": "105479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105479"
}
]
}
}

34
2018/8xxx/CVE-2018-8659.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8659",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8659",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}