admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 21:39:34 +00:00
parent d2b1d3b59c
commit 395a21aaa7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4136 additions and 4136 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

190
2002/0xxx/CVE-2002-0163.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name" : "FreeBSD-SA-02:19",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
},
{
"name" : "MDKSA-2002:027",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name" : "20020326 updated squid advisory",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101716495023226&w=2"
},
{
"name" : "CSSA-2002-017.1",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name" : "RHSA-2002:051",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name" : "4363",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4363"
},
{
"name" : "squid-dns-reply-dos(8628)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8628.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2002:051",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-051.html"
},
{
"name": "MDKSA-2002:027",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php"
},
{
"name": "CSSA-2002-017.1",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt"
},
{
"name": "20020326 updated squid advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101716495023226&w=2"
},
{
"name": "squid-dns-reply-dos(8628)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8628.php"
},
{
"name": "4363",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4363"
},
{
"name": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Advisories/SQUID-2002_2.txt"
},
{
"name": "FreeBSD-SA-02:19",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc"
}
]
}
}

150
2002/0xxx/CVE-2002-0324.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0324",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a \"Clear And Exit\" action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0324",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020224 Greymatter 1.21c and earlier - remote login/pass exposure",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101465343308249&w=2"
},
{
"name" : "http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm",
"refsource" : "MISC",
"url" : "http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm"
},
{
"name" : "greymatter-gmrightclick-account-information(8277)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8277.php"
},
{
"name" : "4169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4169"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Greymatter 1.21c and earlier with the Bookmarklet feature enabled allows remote attackers to read a cleartext password and gain administrative privileges by guessing the name of a gmrightclick-*.reg file which contains the administrator name and password in cleartext, then retrieving the file from the web server before the Greymatter administrator performs a \"Clear And Exit\" action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm",
"refsource": "MISC",
"url": "http://www.dangerousmonkey.com/dangblog/dangarch/00000051.htm"
},
{
"name": "20020224 Greymatter 1.21c and earlier - remote login/pass exposure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101465343308249&w=2"
},
{
"name": "4169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4169"
},
{
"name": "greymatter-gmrightclick-account-information(8277)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8277.php"
}
]
}
}

150
2002/0xxx/CVE-2002-0432.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020309 Citadel/UX Server Remote DoS attack Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/260934"
},
{
"name" : "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz"
},
{
"name" : "citadel-helo-bo(8426)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8426.php"
},
{
"name" : "4263",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4263"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/UX 5.90 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attacks such as a long HELO command to the SMTP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citadel-helo-bo(8426)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8426.php"
},
{
"name": "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz",
"refsource": "CONFIRM",
"url": "http://uncensored.citadel.org/pub/citadel/citadel-ux-5.91.tar.gz"
},
{
"name": "20020309 Citadel/UX Server Remote DoS attack Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/260934"
},
{
"name": "4263",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4263"
}
]
}
}

140
2002/2xxx/CVE-2002-2247.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2247",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2247",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021212 Multiple Mambo Site Server sec-weaknesses",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name" : "6376",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6376"
},
{
"name" : "mambo-phpinfo-disclose-path(10853)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allows remote attackers to obtain sensitive information such as the full web root path via phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "mambo-phpinfo-disclose-path(10853)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10853"
},
{
"name": "20021212 Multiple Mambo Site Server sec-weaknesses",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0111.html"
},
{
"name": "6376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6376"
}
]
}
}

160
2002/2xxx/CVE-2002-2422.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021001 XSS bug in Compaq Insight Manager Http server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/293715"
},
{
"name" : "20021001 Re: [VulnDiscuss] XSS bug in Compaq Insight Manager Http server",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/294020"
},
{
"name" : "20021004 RE: XSS bug in Compaq Insight Manager Http server",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/294160"
},
{
"name" : "5780",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5780"
},
{
"name" : "http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Compaq Insight Management Agents 2.0, 2.1, 3.6.0, 4.2 and 4.3.7 allows remote attackers to inject arbitrary web script or HTML via a URL, which inserts the script into the resulting error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/windowsntfocus/6G00K0A5SM.html"
},
{
"name": "20021001 Re: [VulnDiscuss] XSS bug in Compaq Insight Manager Http server",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/294020"
},
{
"name": "20021004 RE: XSS bug in Compaq Insight Manager Http server",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/294160"
},
{
"name": "5780",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5780"
},
{
"name": "20021001 XSS bug in Compaq Insight Manager Http server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/293715"
}
]
}
}

190
2005/0xxx/CVE-2005-0141.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0141",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/mfsa2005-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/mfsa2005-01.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=249332",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=249332"
},
{
"name" : "RHSA-2005:323",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-323.html"
},
{
"name" : "RHSA-2005:335",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-335.html"
},
{
"name" : "12407",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12407"
},
{
"name" : "oval:org.mitre.oval:def:100057",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057"
},
{
"name" : "oval:org.mitre.oval:def:10756",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756"
},
{
"name" : "mozilla-firefox-file-upload(19168)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links \"with a custom getter and toString method\" that are middle-clicked by the user to be opened in a new tab."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2005:323",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-323.html"
},
{
"name": "12407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12407"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=249332",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=249332"
},
{
"name": "RHSA-2005:335",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-335.html"
},
{
"name": "mozilla-firefox-file-upload(19168)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19168"
},
{
"name": "oval:org.mitre.oval:def:10756",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10756"
},
{
"name": "http://www.mozilla.org/security/announce/mfsa2005-01.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/mfsa2005-01.html"
},
{
"name": "oval:org.mitre.oval:def:100057",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100057"
}
]
}
}

120
2005/0xxx/CVE-2005-0371.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0371",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050210 Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110811699206052&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050210 Crashes and socket unreacheable in Armagetron Advanced 0.2.7.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110811699206052&w=2"
}
]
}
}

210
2005/0xxx/CVE-2005-0555.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0555",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka \"Content Advisor Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-0555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS05-020",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020"
},
{
"name" : "TA05-102A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
},
{
"name" : "VU#222050",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/222050"
},
{
"name" : "oval:org.mitre.oval:def:2077",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2077"
},
{
"name" : "oval:org.mitre.oval:def:2786",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2786"
},
{
"name" : "oval:org.mitre.oval:def:3157",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3157"
},
{
"name" : "oval:org.mitre.oval:def:3926",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3926"
},
{
"name" : "oval:org.mitre.oval:def:4674",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4674"
},
{
"name" : "14922",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14922/"
},
{
"name" : "ie-content-advisor-bo(19842)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19842"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Content Advisor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a crafted Content Advisor file, aka \"Content Advisor Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:2077",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2077"
},
{
"name": "oval:org.mitre.oval:def:4674",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4674"
},
{
"name": "oval:org.mitre.oval:def:3926",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3926"
},
{
"name": "14922",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14922/"
},
{
"name": "oval:org.mitre.oval:def:3157",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3157"
},
{
"name": "MS05-020",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-020"
},
{
"name": "ie-content-advisor-bo(19842)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19842"
},
{
"name": "oval:org.mitre.oval:def:2786",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2786"
},
{
"name": "TA05-102A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-102A.html"
},
{
"name": "VU#222050",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/222050"
}
]
}
}

130
2005/0xxx/CVE-2005-0764.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0764",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0764",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200503-23",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-23.xml"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=84680",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=84680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200503-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-23.xml"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=84680",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=84680"
}
]
}
}

150
2005/0xxx/CVE-2005-0863.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050317 [PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/lists/bugtraq/2005/Mar/0331.html"
},
{
"name" : "12841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12841"
},
{
"name" : "14651",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14651"
},
{
"name" : "phpopenchat-regulars-register-xss(19748)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19748"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050317 [PersianHacker.NET 200503-09]PHPOpenChat v3.x XSS Multiple Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/Mar/0331.html"
},
{
"name": "14651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14651"
},
{
"name": "12841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12841"
},
{
"name": "phpopenchat-regulars-register-xss(19748)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19748"
}
]
}
}

180
2005/0xxx/CVE-2005-0919.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050329 Adventia Chat",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=111211930330410&w=2"
},
{
"name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt",
"refsource" : "MISC",
"url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt"
},
{
"name" : "12927",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12927"
},
{
"name" : "12940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12940"
},
{
"name" : "15156",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15156"
},
{
"name" : "1013588",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013588"
},
{
"name" : "adventia-chat-field-xss(21317)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12927"
},
{
"name": "12940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12940"
},
{
"name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt",
"refsource": "MISC",
"url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-003-adventiachat.txt"
},
{
"name": "1013588",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013588"
},
{
"name": "adventia-chat-field-xss(21317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21317"
},
{
"name": "20050329 Adventia Chat",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=111211930330410&w=2"
},
{
"name": "15156",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15156"
}
]
}
}

140
2005/1xxx/CVE-2005-1318.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1318",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[sork] 20050422 Forwards 2.2.2 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002145.html"
},
{
"name" : "http://cvs.horde.org/diff.php/forwards/docs/CHANGES?r1=1.1.1.1.2.20&r2=1.1.1.1.2.23&ty=h",
"refsource" : "CONFIRM",
"url" : "http://cvs.horde.org/diff.php/forwards/docs/CHANGES?r1=1.1.1.1.2.20&r2=1.1.1.1.2.23&ty=h"
},
{
"name" : "15082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.horde.org/diff.php/forwards/docs/CHANGES?r1=1.1.1.1.2.20&r2=1.1.1.1.2.23&ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/forwards/docs/CHANGES?r1=1.1.1.1.2.20&r2=1.1.1.1.2.23&ty=h"
},
{
"name": "[sork] 20050422 Forwards 2.2.2 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002145.html"
},
{
"name": "15082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15082"
}
]
}
}

160
2005/1xxx/CVE-2005-1611.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an \"@\" followed by the desired script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://osvdb.org/ref/16/16070-webcrossing.txt",
"refsource" : "MISC",
"url" : "http://osvdb.org/ref/16/16070-webcrossing.txt"
},
{
"name" : "13482",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13482"
},
{
"name" : "16070",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16070"
},
{
"name" : "15218",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15218"
},
{
"name" : "web-crossing-webx-xss(20381)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20381"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x allows remote attackers to inject arbitrary web script or HTML via a URL with an \"@\" followed by the desired script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "web-crossing-webx-xss(20381)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20381"
},
{
"name": "15218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15218"
},
{
"name": "13482",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13482"
},
{
"name": "http://osvdb.org/ref/16/16070-webcrossing.txt",
"refsource": "MISC",
"url": "http://osvdb.org/ref/16/16070-webcrossing.txt"
},
{
"name": "16070",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16070"
}
]
}
}

120
2005/1xxx/CVE-2005-1856.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1856",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-1856",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-787",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-787"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The CD-burning feature in backup-manager 0.5.8 and earlier uses a fixed filename in a world-writable directory for logging, which allows local users to overwrite files via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-787",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-787"
}
]
}
}

160
2005/4xxx/CVE-2005-4369.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html"
},
{
"name" : "15934",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15934"
},
{
"name" : "ADV-2005-2970",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2970"
},
{
"name" : "21794",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21794"
},
{
"name" : "18070",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15934",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15934"
},
{
"name": "http://pridels0.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html"
},
{
"name": "18070",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18070"
},
{
"name": "ADV-2005-2970",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2970"
},
{
"name": "21794",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21794"
}
]
}
}

180
2009/0xxx/CVE-2009-0204.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02403",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=123324765514459&w=2"
},
{
"name" : "SSRT090007",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=123324765514459&w=2"
},
{
"name" : "33505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33505"
},
{
"name" : "ADV-2009-0296",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0296"
},
{
"name" : "1021641",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021641"
},
{
"name" : "33713",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33713"
},
{
"name" : "selectaccess-unspecified-xss(48334)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48334"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT090007",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123324765514459&w=2"
},
{
"name": "33713",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33713"
},
{
"name": "ADV-2009-0296",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0296"
},
{
"name": "33505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33505"
},
{
"name": "selectaccess-unspecified-xss(48334)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48334"
},
{
"name": "1021641",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021641"
},
{
"name": "HPSBMA02403",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123324765514459&w=2"
}
]
}
}

180
2009/0xxx/CVE-2009-0270.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
},
{
"name" : "http://www.wintercore.com/advisories/advisory_W010109.html",
"refsource" : "MISC",
"url" : "http://www.wintercore.com/advisories/advisory_W010109.html"
},
{
"name" : "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html",
"refsource" : "CONFIRM",
"url" : "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
},
{
"name" : "33342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33342"
},
{
"name" : "ADV-2009-0176",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0176"
},
{
"name" : "51486",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51486"
},
{
"name" : "33594",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33594"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51486",
"refsource": "OSVDB",
"url": "http://osvdb.org/51486"
},
{
"name": "20090119 [Wintercore Research ] Fujitsu SystemcastWizard Lite PXEService Remote Buffer Overflow.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500172/100/0/threaded"
},
{
"name": "ADV-2009-0176",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0176"
},
{
"name": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html",
"refsource": "CONFIRM",
"url": "http://www.fujitsu.com/global/services/computing/server/primequest/products/os/windows-server-2008-2.html"
},
{
"name": "http://www.wintercore.com/advisories/advisory_W010109.html",
"refsource": "MISC",
"url": "http://www.wintercore.com/advisories/advisory_W010109.html"
},
{
"name": "33342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33342"
},
{
"name": "33594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33594"
}
]
}
}

260
2009/0xxx/CVE-2009-0586.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0586",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0586",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501712/100/0/threaded"
},
{
"name" : "[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2009/03/12/2"
},
{
"name" : "http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff",
"refsource" : "MISC",
"url" : "http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2008-015.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2008-015.html"
},
{
"name" : "http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9"
},
{
"name" : "GLSA-200907-11",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-11.xml"
},
{
"name" : "MDVSA-2009:085",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:085"
},
{
"name" : "SUSE-SR:2009:009",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name" : "USN-735-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-735-1"
},
{
"name" : "34100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34100"
},
{
"name" : "oval:org.mitre.oval:def:9694",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694"
},
{
"name" : "34335",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34335"
},
{
"name" : "34350",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34350"
},
{
"name" : "35777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35777"
},
{
"name" : "gstreamer-gstvorbistagaddcoverart-bo(49274)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49274"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the gst_vorbis_tag_add_coverart function (gst-libs/gst/tag/gstvorbistag.c) in vorbistag in gst-plugins-base (aka gstreamer-plugins-base) before 0.10.23 in GStreamer allows context-dependent attackers to execute arbitrary code via a crafted COVERART tag that is converted from a base64 representation, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9694",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9694"
},
{
"name": "34335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34335"
},
{
"name": "35777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35777"
},
{
"name": "34350",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34350"
},
{
"name": "GLSA-200907-11",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-11.xml"
},
{
"name": "http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/gstreamer/gst-plugins-base/commit/?id=566583e87147f774e7fc4c78b5f7e61d427e40a9"
},
{
"name": "[oss-security] 20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/03/12/2"
},
{
"name": "34100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34100"
},
{
"name": "MDVSA-2009:085",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:085"
},
{
"name": "20090312 [oCERT-2008-015] glib and glib-predecessor heap overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501712/100/0/threaded"
},
{
"name": "http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff",
"refsource": "MISC",
"url": "http://ocert.org/patches/2008-015/gst-plugins-base-CVE-2009-0586.diff"
},
{
"name": "SUSE-SR:2009:009",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"
},
{
"name": "USN-735-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-735-1"
},
{
"name": "gstreamer-gstvorbistagaddcoverart-bo(49274)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49274"
},
{
"name": "http://www.ocert.org/advisories/ocert-2008-015.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2008-015.html"
}
]
}
}

630
2009/0xxx/CVE-2009-0846.json
View File

@ -1,317 +1,317 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0846",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0846",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502527/100/0/threaded"
},
{
"name" : "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name" : "20090701 VMSA-2009-0008 ESX Service Console update for krb5",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504683/100/0/threaded"
},
{
"name" : "[security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2009/000059.html"
},
{
"name" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058",
"refsource" : "MISC",
"url" : "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html",
"refsource" : "MISC",
"url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html",
"refsource" : "MISC",
"url" : "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt",
"refsource" : "CONFIRM",
"url" : "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0058",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"name" : "http://support.apple.com/kb/HT3549",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3549"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0008.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0008.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21396120",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name" : "APPLE-SA-2009-05-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name" : "FEDORA-2009-2834",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"name" : "FEDORA-2009-2852",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name" : "GLSA-200904-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"name" : "HPSBUX02421",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124896429301168&w=2"
},
{
"name" : "SSRT090047",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124896429301168&w=2"
},
{
"name" : "HPSBOV02682",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497213107107&w=2"
},
{
"name" : "SSRT100495",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497213107107&w=2"
},
{
"name" : "MDVSA-2009:098",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"name" : "RHSA-2009:0408",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"name" : "RHSA-2009:0409",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0409.html"
},
{
"name" : "RHSA-2009:0410",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0410.html"
},
{
"name" : "256728",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name" : "USN-755-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-755-1"
},
{
"name" : "TA09-133A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name" : "VU#662091",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/662091"
},
{
"name" : "34409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34409"
},
{
"name" : "oval:org.mitre.oval:def:10694",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694"
},
{
"name" : "oval:org.mitre.oval:def:5483",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483"
},
{
"name" : "oval:org.mitre.oval:def:6301",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301"
},
{
"name" : "1021994",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021994"
},
{
"name" : "34640",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34640"
},
{
"name" : "34594",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34594"
},
{
"name" : "34617",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34617"
},
{
"name" : "34622",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34622"
},
{
"name" : "34630",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34630"
},
{
"name" : "34637",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34637"
},
{
"name" : "34598",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34598"
},
{
"name" : "34628",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34628"
},
{
"name" : "34734",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34734"
},
{
"name" : "35074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35074"
},
{
"name" : "35667",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35667"
},
{
"name" : "ADV-2009-0960",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0960"
},
{
"name" : "ADV-2009-0976",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name" : "ADV-2009-1106",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1106"
},
{
"name" : "ADV-2009-1057",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1057"
},
{
"name" : "ADV-2009-1297",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name" : "ADV-2009-2084",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2084"
},
{
"name" : "ADV-2009-2248",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2248"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c in the ASN.1 GeneralizedTime decoder in MIT Kerberos 5 (aka krb5) before 1.6.4 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors involving an invalid DER encoding that triggers a free of an uninitialized pointer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090701 VMSA-2009-0008 ESX Service Console update for krb5",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504683/100/0/threaded"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html",
"refsource": "MISC",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047181.html"
},
{
"name": "oval:org.mitre.oval:def:6301",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6301"
},
{
"name": "MDVSA-2009:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:098"
},
{
"name": "VU#662091",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/662091"
},
{
"name": "20090407 MITKRB5-SA-2009-002: ASN.1 decoder frees uninitialized pointer [CVE-2009-0846]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502527/100/0/threaded"
},
{
"name": "ADV-2009-0960",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0960"
},
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-142.htm"
},
{
"name": "35667",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35667"
},
{
"name": "RHSA-2009:0408",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0408.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0008.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0008.html"
},
{
"name": "34637",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34637"
},
{
"name": "SSRT100495",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"
},
{
"name": "ADV-2009-2084",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2084"
},
{
"name": "oval:org.mitre.oval:def:10694",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10694"
},
{
"name": "34640",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34640"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "256728",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-256728-1"
},
{
"name": "GLSA-200904-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-09.xml"
},
{
"name": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html",
"refsource": "MISC",
"url": "http://support.novell.com/docs/Readmes/InfoDocument/patchbuilder/readme_5047180.html"
},
{
"name": "ADV-2009-0976",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0976"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "USN-755-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-755-1"
},
{
"name": "34630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34630"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21396120"
},
{
"name": "oval:org.mitre.oval:def:5483",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5483"
},
{
"name": "ADV-2009-1057",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1057"
},
{
"name": "34617",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34617"
},
{
"name": "34628",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34628"
},
{
"name": "34734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34734"
},
{
"name": "ADV-2009-2248",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2248"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058",
"refsource": "MISC",
"url": "http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0058"
},
{
"name": "34598",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34598"
},
{
"name": "RHSA-2009:0409",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0409.html"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "34622",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34622"
},
{
"name": "1021994",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021994"
},
{
"name": "FEDORA-2009-2852",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00206.html"
},
{
"name": "FEDORA-2009-2834",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00205.html"
},
{
"name": "RHSA-2009:0410",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0410.html"
},
{
"name": "[security-announce] 20090701 VMSA-2009-0008 ESX Service Console update for krb5",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000059.html"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0058",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0058"
},
{
"name": "20090407 rPSA-2009-0058-1 krb5 krb5-server krb5-services krb5-test krb5-workstation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502546/100/0/threaded"
},
{
"name": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt",
"refsource": "CONFIRM",
"url": "http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2009-002.txt"
},
{
"name": "HPSBOV02682",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497213107107&w=2"
},
{
"name": "34594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34594"
},
{
"name": "ADV-2009-1106",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1106"
},
{
"name": "HPSBUX02421",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"
},
{
"name": "34409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34409"
},
{
"name": "SSRT090047",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124896429301168&w=2"
}
]
}
}

160
2009/1xxx/CVE-2009-1446.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1446",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1446",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8514",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8514"
},
{
"name" : "34679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34679"
},
{
"name" : "54115",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54115"
},
{
"name" : "25844",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25844"
},
{
"name" : "ADV-2009-1149",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1149"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in upload.php in Elkagroup Image Gallery 1.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in gallery/pictures/. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54115",
"refsource": "OSVDB",
"url": "http://osvdb.org/54115"
},
{
"name": "8514",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8514"
},
{
"name": "ADV-2009-1149",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1149"
},
{
"name": "34679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34679"
},
{
"name": "25844",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25844"
}
]
}
}

200
2009/1xxx/CVE-2009-1934.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
},
{
"name" : "259588",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
},
{
"name" : "35204",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35204"
},
{
"name" : "54872",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54872"
},
{
"name" : "1022334",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022334"
},
{
"name" : "35338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35338"
},
{
"name" : "ADV-2009-1500",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1500"
},
{
"name" : "jsws-reverseproxyplugin-xss(50951)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "259588",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259588-1"
},
{
"name": "35338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35338"
},
{
"name": "35204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35204"
},
{
"name": "54872",
"refsource": "OSVDB",
"url": "http://osvdb.org/54872"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-116648-23-1"
},
{
"name": "ADV-2009-1500",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1500"
},
{
"name": "1022334",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022334"
},
{
"name": "jsws-reverseproxyplugin-xss(50951)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50951"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-211.htm"
}
]
}
}

160
2009/1xxx/CVE-2009-1948.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1948",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8841",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8841"
},
{
"name" : "35183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35183"
},
{
"name" : "35299",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35299"
},
{
"name" : "unb-forum-directory-traversal(50877)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50877"
},
{
"name" : "unb-forum-file-include(50878)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50878"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in forum.php in Unclassified NewsBoard (UNB) 1.6.4, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to (1) read arbitrary recently-modified files via a .. (dot dot) in the GLOBALS[filename] parameter or (2) include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[UTE][__tplCollection][a][file] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "unb-forum-directory-traversal(50877)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50877"
},
{
"name": "unb-forum-file-include(50878)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50878"
},
{
"name": "35183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35183"
},
{
"name": "35299",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35299"
},
{
"name": "8841",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8841"
}
]
}
}

150
2009/4xxx/CVE-2009-4996.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4996",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4996",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.xfce.org/show_bug.cgi?id=4805",
"refsource" : "MISC",
"url" : "http://bugzilla.xfce.org/show_bug.cgi?id=4805"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=525395",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=525395"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=587633",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=587633"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=614608",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=614608"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Xfce4-session 4.5.91 in Xfce does not lock the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. NOTE: there is no general agreement that this is a vulnerability, because separate control over locking can be an equally secure, or more secure, behavior in some threat environments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.xfce.org/show_bug.cgi?id=4805",
"refsource": "MISC",
"url": "http://bugzilla.xfce.org/show_bug.cgi?id=4805"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=614608",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=614608"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=587633",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=587633"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=525395",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=525395"
}
]
}
}

200
2012/2xxx/CVE-2012-2319.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120507 Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/07/11"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=819471",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=819471"
},
{
"name" : "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77"
},
{
"name" : "RHSA-2012:1323",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
},
{
"name" : "RHSA-2012:1347",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1347.html"
},
{
"name" : "SUSE-SU-2015:0812",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"name" : "50811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50811"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel before 3.3.5 allow local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "50811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50811"
},
{
"name": "[oss-security] 20120507 Re: CVE request: Linux kernel: Buffer overflow in HFS plus filesystem",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/07/11"
},
{
"name": "RHSA-2012:1323",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
},
{
"name": "RHSA-2012:1347",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1347.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=819471",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=819471"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5"
},
{
"name": "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/6f24f892871acc47b40dd594c63606a17c714f77"
},
{
"name": "SUSE-SU-2015:0812",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=6f24f892871acc47b40dd594c63606a17c714f77"
}
]
}
}

160
2012/2xxx/CVE-2012-2512.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities"
},
{
"name" : "https://service.sap.com/sap/support/notes/1687910",
"refsource" : "MISC",
"url" : "https://service.sap.com/sap/support/notes/1687910"
},
{
"name" : "http://scn.sap.com/docs/DOC-8218",
"refsource" : "CONFIRM",
"url" : "http://scn.sap.com/docs/DOC-8218"
},
{
"name" : "1027052",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027052"
},
{
"name" : "netweaver-diagtracestream-dos(75454)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75454"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netweaver-diagtracestream-dos(75454)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75454"
},
{
"name": "https://service.sap.com/sap/support/notes/1687910",
"refsource": "MISC",
"url": "https://service.sap.com/sap/support/notes/1687910"
},
{
"name": "http://scn.sap.com/docs/DOC-8218",
"refsource": "CONFIRM",
"url": "http://scn.sap.com/docs/DOC-8218"
},
{
"name": "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/sap-netweaver-dispatcher-multiple-vulnerabilities"
},
{
"name": "1027052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027052"
}
]
}
}

170
2012/2xxx/CVE-2012-2890.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=143798",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=143798"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=144072",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=144072"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=147402",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=147402"
},
{
"name" : "oval:org.mitre.oval:def:15766",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15766"
},
{
"name" : "google-chrome-cve20122890(78841)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78841"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the PDF functionality in Google Chrome before 22.0.1229.79 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=144072",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=144072"
},
{
"name": "oval:org.mitre.oval:def:15766",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15766"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=147402",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=147402"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=143798",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=143798"
},
{
"name": "google-chrome-cve20122890(78841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78841"
}
]
}
}

140
2012/2xxx/CVE-2012-2960.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02836",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700"
},
{
"name" : "SSRT100864",
"refsource" : "HP",
"url" : "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700"
},
{
"name" : "VU#960468",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/960468"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMU02836",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700"
},
{
"name": "VU#960468",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/960468"
},
{
"name": "SSRT100864",
"refsource": "HP",
"url": "http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_na-c03606700"
}
]
}
}

290
2012/3xxx/CVE-2012-3430.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3430",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120726 Re: CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/07/26/5"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06b6a1cf6e776426766298d055bb3991957d90a7",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06b6a1cf6e776426766298d055bb3991957d90a7"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=820039",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=820039"
},
{
"name" : "https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7"
},
{
"name" : "RHSA-2012:1323",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
},
{
"name" : "SUSE-SU-2012:1679",
"refsource" : "SUSE",
"url" : "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html"
},
{
"name" : "USN-1567-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1567-1"
},
{
"name" : "USN-1568-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1568-1"
},
{
"name" : "USN-1572-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1572-1"
},
{
"name" : "USN-1579-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1579-1"
},
{
"name" : "USN-1580-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1580-1"
},
{
"name" : "USN-1575-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1575-1"
},
{
"name" : "USN-1577-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1577-1"
},
{
"name" : "USN-1578-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1578-1"
},
{
"name" : "50633",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50633"
},
{
"name" : "50811",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50811"
},
{
"name" : "50732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50732"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-1572-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1572-1"
},
{
"name": "USN-1579-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1579-1"
},
{
"name": "USN-1578-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1578-1"
},
{
"name": "50732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50732"
},
{
"name": "50811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50811"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.0.44"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06b6a1cf6e776426766298d055bb3991957d90a7",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06b6a1cf6e776426766298d055bb3991957d90a7"
},
{
"name": "USN-1567-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1567-1"
},
{
"name": "RHSA-2012:1323",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1323.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=820039",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=820039"
},
{
"name": "USN-1577-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1577-1"
},
{
"name": "SUSE-SU-2012:1679",
"refsource": "SUSE",
"url": "https://www.suse.com/support/update/announcement/2012/suse-su-20121679-1.html"
},
{
"name": "USN-1568-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1568-1"
},
{
"name": "USN-1575-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1575-1"
},
{
"name": "https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/06b6a1cf6e776426766298d055bb3991957d90a7"
},
{
"name": "50633",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50633"
},
{
"name": "USN-1580-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1580-1"
},
{
"name": "[oss-security] 20120726 Re: CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/26/5"
}
]
}
}

180
2012/3xxx/CVE-2012-3548.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120829 Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/08/29/4"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=849926",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=849926"
},
{
"name" : "GLSA-201308-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name" : "oval:org.mitre.oval:def:15646",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646"
},
{
"name" : "1027464",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027464"
},
{
"name" : "54425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/54425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dissect_drda function in epan/dissectors/packet-drda.c in Wireshark 1.6.x through 1.6.10 and 1.8.x through 1.8.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a small value for a certain length field in a capture file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15646",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15646"
},
{
"name": "[oss-security] 20120829 Re: CVE Request -- wireshark (X >= 1.6.8): DoS (excessive CPU use and infinite loop) in DRDA dissector",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/29/4"
},
{
"name": "54425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/54425"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849926",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849926"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7666"
},
{
"name": "GLSA-201308-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-201308-05.xml"
},
{
"name": "1027464",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027464"
}
]
}
}

120
2012/3xxx/CVE-2012-3859.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3859",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3859",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html",
"refsource" : "MISC",
"url" : "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.com/2012/07/cve-2012-2446-cve-2012-2447-cve-2012.html"
}
]
}
}

190
2012/4xxx/CVE-2012-4037.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4037",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120726 Transmission BitTorrent XSS Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name" : "http://www.madirish.net/541",
"refsource" : "MISC",
"url" : "http://www.madirish.net/541"
},
{
"name" : "https://trac.transmissionbt.com/ticket/4979",
"refsource" : "CONFIRM",
"url" : "https://trac.transmissionbt.com/ticket/4979"
},
{
"name" : "https://trac.transmissionbt.com/wiki/Changes#version-2.61",
"refsource" : "CONFIRM",
"url" : "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"name" : "USN-1584-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1584-1"
},
{
"name" : "54705",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54705"
},
{
"name" : "50027",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50027"
},
{
"name" : "50769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the web client in Transmission before 2.61 allow remote attackers to inject arbitrary web script or HTML via the (1) comment, (2) created by, or (3) name field in a torrent file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.madirish.net/541",
"refsource": "MISC",
"url": "http://www.madirish.net/541"
},
{
"name": "50769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50769"
},
{
"name": "20120726 Transmission BitTorrent XSS Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-07/0349.html"
},
{
"name": "54705",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54705"
},
{
"name": "https://trac.transmissionbt.com/wiki/Changes#version-2.61",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/wiki/Changes#version-2.61"
},
{
"name": "https://trac.transmissionbt.com/ticket/4979",
"refsource": "CONFIRM",
"url": "https://trac.transmissionbt.com/ticket/4979"
},
{
"name": "50027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50027"
},
{
"name": "USN-1584-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1584-1"
}
]
}
}

34
2012/4xxx/CVE-2012-4811.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4811",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-4811",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

34
2012/6xxx/CVE-2012-6091.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6091",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6091",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2015/5xxx/CVE-2015-5076.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5076",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg, (5) bgc, or (6) font parameter in protected/views/site/listener.php; the (7) Services[*] parameter in protected/components/views/webForm.php; the (8) file parameter in protected/components/TranslationManager.php; the (9) x2_key parameter in protected/tests/webscripts/x2WebTrackingTestPages/customWebLeadCaptureScriptTest.php; the (10) id parameter in protected/modules/contacts/controllers/ContactsController.php; or the (11) lastEventId parameter to index.php/profile/getEvents."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5076",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150925 CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536545/100/0/threaded"
},
{
"name" : "20150925 CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Sep/91"
},
{
"name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5076/",
"refsource" : "MISC",
"url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5076/"
},
{
"name" : "http://packetstormsecurity.com/files/133716/X2Engine-4.2-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133716/X2Engine-4.2-Cross-Site-Scripting.html"
},
{
"name" : "https://github.com/X2Engine/X2CRM/commit/10b72bfe7a1b9694f19a0adef72d85a754d4d3f8",
"refsource" : "CONFIRM",
"url" : "https://github.com/X2Engine/X2CRM/commit/10b72bfe7a1b9694f19a0adef72d85a754d4d3f8"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM before 5.0.9 allow remote attackers to inject arbitrary web script or HTML via the (1) version parameter in protected/views/admin/formEditor.php; the (2) importId parameter in protected/views/admin/rollbackImport.php; the (3) bc, (4) fg, (5) bgc, or (6) font parameter in protected/views/site/listener.php; the (7) Services[*] parameter in protected/components/views/webForm.php; the (8) file parameter in protected/components/TranslationManager.php; the (9) x2_key parameter in protected/tests/webscripts/x2WebTrackingTestPages/customWebLeadCaptureScriptTest.php; the (10) id parameter in protected/modules/contacts/controllers/ContactsController.php; or the (11) lastEventId parameter to index.php/profile/getEvents."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150925 CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536545/100/0/threaded"
},
{
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5076/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-5076/"
},
{
"name": "http://packetstormsecurity.com/files/133716/X2Engine-4.2-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133716/X2Engine-4.2-Cross-Site-Scripting.html"
},
{
"name": "https://github.com/X2Engine/X2CRM/commit/10b72bfe7a1b9694f19a0adef72d85a754d4d3f8",
"refsource": "CONFIRM",
"url": "https://github.com/X2Engine/X2CRM/commit/10b72bfe7a1b9694f19a0adef72d85a754d4d3f8"
},
{
"name": "20150925 CVE-2015-5076 - Vulnerability title: Reflective XSS In X2Engine Inc. X2Engine",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Sep/91"
}
]
}
}

34
2015/5xxx/CVE-2015-5415.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5415",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5415",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

34
2017/2xxx/CVE-2017-2001.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2001",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2001",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

34
2017/2xxx/CVE-2017-2041.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2041",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2017-2041",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none."
}
]
}
}

190
2017/2xxx/CVE-2017-2370.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2370",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "41163",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/41163/"
},
{
"name" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1004",
"refsource" : "MISC",
"url" : "https://bugs.chromium.org/p/project-zero/issues/detail?id=1004"
},
{
"name" : "https://support.apple.com/HT207482",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207482"
},
{
"name" : "https://support.apple.com/HT207483",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207483"
},
{
"name" : "https://support.apple.com/HT207485",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207485"
},
{
"name" : "https://support.apple.com/HT207487",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207487"
},
{
"name" : "95731",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/95731"
},
{
"name" : "1037668",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037668"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involves the \"Kernel\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (buffer overflow) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1004",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1004"
},
{
"name": "41163",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/41163/"
},
{
"name": "https://support.apple.com/HT207487",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207487"
},
{
"name": "https://support.apple.com/HT207483",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207483"
},
{
"name": "95731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95731"
},
{
"name": "https://support.apple.com/HT207485",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207485"
},
{
"name": "https://support.apple.com/HT207482",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207482"
},
{
"name": "1037668",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037668"
}
]
}
}

130
2017/2xxx/CVE-2017-2500.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2500",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207804",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207804"
},
{
"name" : "1038487",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038487"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. Safari before 10.1.1 is affected. The issue involves the \"Safari\" component. It allows remote attackers to spoof the address bar via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038487",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038487"
},
{
"name": "https://support.apple.com/HT207804",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207804"
}
]
}
}

132
2017/2xxx/CVE-2017-2661.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-03-20T00:00:00",
"ID" : "CVE-2017-2661",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pcs",
"version" : {
"version_data" : [
{
"version_value" : "0.9.157"
}
]
}
}
]
},
"vendor_name" : "ClusterLabs"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-03-20T00:00:00",
"ID": "CVE-2017-2661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pcs",
"version": {
"version_data": [
{
"version_value": "0.9.157"
}
]
}
}
]
},
"vendor_name": "ClusterLabs"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1428948",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1428948"
},
{
"name" : "https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f",
"refsource" : "CONFIRM",
"url" : "https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f",
"refsource": "CONFIRM",
"url": "https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1428948",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1428948"
}
]
}
}

122
2018/11xxx/CVE-2018-11447.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "productcert@siemens.com",
"DATE_PUBLIC" : "2018-06-15T00:00:00",
"ID" : "CVE-2018-11447",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SCALANCE M875",
"version" : {
"version_data" : [
{
"version_value" : "SCALANCE M875 All versions"
}
]
}
}
]
},
"vendor_name" : "Siemens AG"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-121: Stack-based Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "productcert@siemens.com",
"DATE_PUBLIC": "2018-06-15T00:00:00",
"ID": "CVE-2018-11447",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SCALANCE M875",
"version": {
"version_data": [
{
"version_value": "SCALANCE M875 All versions"
}
]
}
}
]
},
"vendor_name": "Siemens AG"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf",
"refsource" : "CONFIRM",
"url" : "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability has been identified in SCALANCE M875 (All versions). The web interface on port 443/tcp could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user is tricked into accessing a malicious link. Successful exploitation requires user interaction by an legitimate user, who must be authenticated to the web interface as administrative user. A successful attack could allow an attacker to interact with the web interface as an administrative user. This could allow the attacker to read or modify the device configuration, or to exploit other vulnerabilities that require authentication as administrative user. At the time of advisory publication no public exploitation of this security vulnerability was known."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-121: Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-977428.pdf"
}
]
}
}

120
2018/11xxx/CVE-2018-11486.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/",
"refsource" : "MISC",
"url" : "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-authenticated user can save the plugin settings and inject malicious JavaScript code in the Custom CSS textarea field, which will be loaded on every site page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/",
"refsource": "MISC",
"url": "http://labs.threatpress.com/stored-cross-site-scripting-xss-in-advance-search-for-woocommerce-plugin/"
}
]
}
}

120
2018/11xxx/CVE-2018-11544.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pastebin.com/ygwczqpP",
"refsource" : "MISC",
"url" : "https://pastebin.com/ygwczqpP"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.ftpserver_preferences.xml file as the prefUsername and prefUserpass strings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/ygwczqpP",
"refsource": "MISC",
"url": "https://pastebin.com/ygwczqpP"
}
]
}
}

130
2018/14xxx/CVE-2018-14302.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14302",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.5096"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Square annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6218."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-416-Use After Free"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14302",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.5096"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-762",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-762"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of Square annotations. By manipulating a document's elements, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6218."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-416-Use After Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-762",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-762"
}
]
}
}

170
2018/14xxx/CVE-2018-14648.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-14648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "389-ds-base:",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-400"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "389-ds-base:",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181025 [SECURITY] [DLA 1554-1] 389-ds-base security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648"
},
{
"name" : "RHSA-2018:3127",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3127"
},
{
"name" : "RHSA-2018:3507",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3507"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in 389 Directory Server. A specially crafted search query could lead to excessive CPU consumption in the do_search() function. An unauthenticated attacker could use this flaw to provoke a denial of service."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "7.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181025 [SECURITY] [DLA 1554-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00015.html"
},
{
"name": "RHSA-2018:3507",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3507"
},
{
"name": "RHSA-2018:3127",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3127"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14648"
}
]
}
}

34
2018/14xxx/CVE-2018-14860.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14860",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14860",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/15xxx/CVE-2018-15657.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15657",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx \"url\" parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15657",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "46305",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/46305/"
},
{
"name" : "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/",
"refsource" : "MISC",
"url" : "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx \"url\" parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46305",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/46305/"
},
{
"name": "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/",
"refsource": "MISC",
"url": "https://research.digitalinterruption.com/2019/01/31/multiple-vulnerabilities-found-in-mobile-device-management-software/"
}
]
}
}

166
2018/15xxx/CVE-2018-15766.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-09T17:59:00.000Z",
"ID" : "CVE-2018-15766",
"STATE" : "PUBLIC",
"TITLE" : "Dell Encryption and Dell Endpoint Security Suite Enterprise Security Policy Overwrite Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Encryption",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "10.0.1 "
}
]
}
},
{
"product_name" : "Endpoint Security Suite Enterprise ",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "2.0.1"
}
]
}
}
]
},
"vendor_name" : "Dell"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the \"Minimum Password Length\" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the \"Encryption Management Agent\" or \"EMAgent\" application. There are no other known values modified."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Password Policy Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-09T17:59:00.000Z",
"ID": "CVE-2018-15766",
"STATE": "PUBLIC",
"TITLE": "Dell Encryption and Dell Endpoint Security Suite Enterprise Security Policy Overwrite Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Encryption",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "10.0.1 "
}
]
}
},
{
"product_name": "Endpoint Security Suite Enterprise ",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.0.1"
}
]
}
}
]
},
"vendor_name": "Dell"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en",
"refsource" : "CONFIRM",
"url" : "https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
},
"work_around" : [
{
"lang" : "eng",
"value" : "For affected devices, the minimum password length policy should be changed manually to what is desired for the current environment.\n\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprises Encryption Management Agent is installed on a Domain Controller or a device that is not joined to a domain, the default minimum password length will need to be changed on the local device.\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprises Encryption Management Agent is installed on a device that is joined to a domain, the default minimum password length will need to be changed within the enterprises Group Policy Management console.\nDefault values for this property is 7 in most configurations.\n\nThis Microsoft KB article outlines how to modify this setting:\nhttps://technet.microsoft.com/en-us/library/dd277399.aspx External Link"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On install, Dell Encryption versions prior 10.0.1 and Dell Endpoint Security Suite Enterprise versions prior 2.0.1 will overwrite and manually set the \"Minimum Password Length\" group policy object to a value of 1 on that device. This allows for users to bypass any existing policy for password length and potentially create insecure password on their device. This value is defined during the installation of the \"Encryption Management Agent\" or \"EMAgent\" application. There are no other known values modified."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Password Policy Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/us/en/04/sln313561/dell-encryption-and-dell-endpoint-security-suite-enterprise-security-policy-overwrite-vulnerability?lang=en"
}
]
},
"source": {
"discovery": "UNKNOWN"
},
"work_around": [
{
"lang": "eng",
"value": "For affected devices, the minimum password length policy should be changed manually to what is desired for the current environment.\n\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprise\u2019s Encryption Management Agent is installed on a Domain Controller or a device that is not joined to a domain, the default minimum password length will need to be changed on the local device.\nIf Dell Endpoint Security Suite Enterprise or Dell Encryption Enterprise\u2019s Encryption Management Agent is installed on a device that is joined to a domain, the default minimum password length will need to be changed within the enterprise\u2019s Group Policy Management console.\nDefault values for this property is \u20187\u2019 in most configurations.\n\nThis Microsoft KB article outlines how to modify this setting:\nhttps://technet.microsoft.com/en-us/library/dd277399.aspx External Link"
}
]
}

34
2018/15xxx/CVE-2018-15819.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15819",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15819",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

152
2018/8xxx/CVE-2018-8038.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-07-04T00:00:00",
"ID" : "CVE-2018-8038",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache CXF Fediz",
"version" : {
"version_data" : [
{
"version_value" : "prior to 1.4.4"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-07-04T00:00:00",
"ID": "CVE-2018-8038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache CXF Fediz",
"version": {
"version_data": [
{
"version_value": "prior to 1.4.4"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[cxf-dev] 20180704 Apache CXF Fediz 1.4.4 is released",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E"
},
{
"name" : "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc",
"refsource" : "CONFIRM",
"url" : "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc"
},
{
"name" : "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d",
"refsource" : "CONFIRM",
"url" : "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d"
},
{
"name" : "1041220",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041220"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Apache CXF Fediz prior to 1.4.4 do not fully disable Document Type Declarations (DTDs) when either parsing the Identity Provider response in the application plugins, or in the Identity Provider itself when parsing certain XML-based parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[cxf-dev] 20180704 Apache CXF Fediz 1.4.4 is released",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/f0a6a05ec3b3a00458da43712b0ff3a2f573175d9bfb39fb0de21424@%3Cdev.cxf.apache.org%3E"
},
{
"name": "1041220",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041220"
},
{
"name": "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d",
"refsource": "CONFIRM",
"url": "https://github.com/apache/cxf-fediz/commit/b6ed9865d0614332fa419fe4b6d0fe81bc2e660d"
},
{
"name": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc",
"refsource": "CONFIRM",
"url": "http://cxf.apache.org/security-advisories.data/CVE-2018-8038.txt.asc"
}
]
}
}

428
2018/8xxx/CVE-2018-8169.json
View File

@ -1,216 +1,216 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka \"HIDParser Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8169",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8169"
},
{
"name" : "104356",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104356"
},
{
"name" : "1041093",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when the (Human Interface Device) HID Parser Library driver improperly handles objects in memory, aka \"HIDParser Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104356",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104356"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8169",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8169"
},
{
"name": "1041093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041093"
}
]
}
}

34
2018/8xxx/CVE-2018-8699.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8699",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8699",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/8xxx/CVE-2018-8817.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wampserver before 3.1.3 has CSRF in add_vhost.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44385",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44385/"
},
{
"name" : "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722",
"refsource" : "MISC",
"url" : "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wampserver before 3.1.3 has CSRF in add_vhost.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44385",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44385/"
},
{
"name": "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722",
"refsource": "MISC",
"url": "http://forum.wampserver.com/read.php?2,138295,150722,page=6#msg-150722"
}
]
}
}