admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:43:15 +00:00
parent ce01638c03
commit 3a8d9b3b67
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
67 changed files with 4547 additions and 4547 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/1xxx/CVE-1999-1068.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19970723 DoS against Oracle Webserver 2.1 with PL/SQL stored procedures",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602661419366&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19970723 DoS against Oracle Webserver 2.1 with PL/SQL stored procedures",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602661419366&w=2"
}
]
}
}

160
1999/1xxx/CVE-1999-1139.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980121 HP-UX CUE, CUD and LAND vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html"
},
{
"name" : "19970901 HP UX Bug :)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602880019745&w=2"
},
{
"name" : "HPSBUX9801-074",
"refsource" : "HP",
"url" : "http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html"
},
{
"name" : "I-027B",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/i-027b.shtml"
},
{
"name" : "hp-cue(2007)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/2007.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBUX9801-074",
"refsource": "HP",
"url": "http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html"
},
{
"name": "hp-cue(2007)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/2007.php"
},
{
"name": "19980121 HP-UX CUE, CUD and LAND vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html"
},
{
"name": "19970901 HP UX Bug :)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602880019745&w=2"
},
{
"name": "I-027B",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/i-027b.shtml"
}
]
}
}

120
1999/1xxx/CVE-1999-1296.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1296",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1296",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19970429 vulnerabilities in kerberos",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602167420878&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRB_CONF environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19970429 vulnerabilities in kerberos",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602167420878&w=2"
}
]
}
}

140
2000/0xxx/CVE-2000-0168.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the \"DOS Device in Path Name\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000306 con\\con is a old thing (anyway is cool)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com"
},
{
"name" : "MS00-017",
"refsource" : "MS",
"url" : "http://www.securityfocus.com/templates/advisory.html?id=2126"
},
{
"name" : "1043",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1043"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the \"DOS Device in Path Name\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS00-017",
"refsource": "MS",
"url": "http://www.securityfocus.com/templates/advisory.html?id=2126"
},
{
"name": "1043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1043"
},
{
"name": "20000306 con\\con is a old thing (anyway is cool)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com"
}
]
}
}

130
2000/0xxx/CVE-2000-0667.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CSSA-2000-024.0 ",
"refsource" : "CALDERA",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0273.html"
},
{
"name" : "1512",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1512"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in gpm in Caldera Linux allows local users to delete arbitrary files or conduct a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1512",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1512"
},
{
"refsource": "CALDERA",
"name": "CSSA-2000-024.0",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0273.html"
}
]
}
}

130
2000/1xxx/CVE-2000-1168.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001123 IBM HTTP Server 1.3.6 Remote Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=97502498610979&w=2"
},
{
"name" : "1988",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1988"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001123 IBM HTTP Server 1.3.6 Remote Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=97502498610979&w=2"
},
{
"name": "1988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1988"
}
]
}
}

120
2000/1xxx/CVE-2000-1225.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1225",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1225",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html",
"refsource" : "MISC",
"url" : "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin directory, which allows remote attackers to gain sensitive configuration information about the web server by accessing the program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html",
"refsource": "MISC",
"url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html"
}
]
}
}

220
2005/2xxx/CVE-2005-2118.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-2118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.argeniss.com/research/MSBugPaper.pdf",
"refsource" : "MISC",
"url" : "http://www.argeniss.com/research/MSBugPaper.pdf"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
},
{
"name" : "MS05-049",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-049"
},
{
"name" : "TA05-284A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-284A.html"
},
{
"name" : "15070",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15070"
},
{
"name" : "oval:org.mitre.oval:def:1116",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1116"
},
{
"name" : "oval:org.mitre.oval:def:1192",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1192"
},
{
"name" : "1015040",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015040"
},
{
"name" : "17168",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17168"
},
{
"name" : "17172",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17172"
},
{
"name" : "17223",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17223"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:1192",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1192"
},
{
"name": "1015040",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015040"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf"
},
{
"name": "15070",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15070"
},
{
"name": "17223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17223"
},
{
"name": "oval:org.mitre.oval:def:1116",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1116"
},
{
"name": "MS05-049",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-049"
},
{
"name": "17168",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17168"
},
{
"name": "17172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17172"
},
{
"name": "http://www.argeniss.com/research/MSBugPaper.pdf",
"refsource": "MISC",
"url": "http://www.argeniss.com/research/MSBugPaper.pdf"
},
{
"name": "TA05-284A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-284A.html"
}
]
}
}

130
2005/2xxx/CVE-2005-2189.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2189",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050707 Multiple vulnerabilities in Lantronix SLC console server",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112075990621765&w=2"
},
{
"name" : "15979",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lantronix SecureLinx console server running firmware 2.0 and 3.0 stores /etc/ssh under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as SSH private keys."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15979",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15979"
},
{
"name": "20050707 Multiple vulnerabilities in Lantronix SLC console server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112075990621765&w=2"
}
]
}
}

130
2005/2xxx/CVE-2005-2206.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://digitalparadox.org/viewadvisories.ah?view=42",
"refsource" : "MISC",
"url" : "http://digitalparadox.org/viewadvisories.ah?view=42"
},
{
"name" : "1014418",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014418"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in CartWIZ allow remote attackers to modify SQL statements via the (1) idProduct parameter to tellAFriend.asp, (2) sortType parameter to viewSupportTickets.asp, or the id parameter to (3) updateCreditCards.asp or (4) deleteCreditCards.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014418",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014418"
},
{
"name": "http://digitalparadox.org/viewadvisories.ah?view=42",
"refsource": "MISC",
"url": "http://digitalparadox.org/viewadvisories.ah?view=42"
}
]
}
}

130
2005/2xxx/CVE-2005-2283.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2283",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/JGEI-6BWLER",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/JGEI-6BWLER"
},
{
"name" : "VU#956762",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/956762"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebEOC before 6.0.2 does not properly restrict the size of an uploaded file, which allows remote authenticated users to cause a denial of service (system and database resource consumption) via a large file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.kb.cert.org/vuls/id/JGEI-6BWLER",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/JGEI-6BWLER"
},
{
"name": "VU#956762",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/956762"
}
]
}
}

34
2005/3xxx/CVE-2005-3125.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3125",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-3125",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}

130
2005/3xxx/CVE-2005-3233.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051007 Antivirus detection bypass by special crafted archive.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
},
{
"name" : "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource" : "MISC",
"url" : "http://shadock.net/secubox/AVCraftedArchive.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple interpretation error in unspecified versions of Trustix Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource": "MISC",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
}
]
}
}

220
2005/3xxx/CVE-2005-3315.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051027 [CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/414880"
},
{
"name" : "http://cirt.dk/advisories/cirt-39-advisory.pdf",
"refsource" : "MISC",
"url" : "http://cirt.dk/advisories/cirt-39-advisory.pdf"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10099318.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?10099318.htm"
},
{
"name" : "VU#536300",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/536300"
},
{
"name" : "15220",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15220"
},
{
"name" : "ADV-2005-2238",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2238"
},
{
"name" : "20362",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20362"
},
{
"name" : "20363",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20363"
},
{
"name" : "1015116",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015116"
},
{
"name" : "17358",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17358"
},
{
"name" : "124",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10099318.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?10099318.htm"
},
{
"name": "124",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/124"
},
{
"name": "1015116",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015116"
},
{
"name": "20363",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20363"
},
{
"name": "VU#536300",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/536300"
},
{
"name": "17358",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17358"
},
{
"name": "20362",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20362"
},
{
"name": "20051027 [CIRT.DK] - Novell ZENworks Patch Management Server 6.0.0.52 - SQL injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/414880"
},
{
"name": "15220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15220"
},
{
"name": "ADV-2005-2238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2238"
},
{
"name": "http://cirt.dk/advisories/cirt-39-advisory.pdf",
"refsource": "MISC",
"url": "http://cirt.dk/advisories/cirt-39-advisory.pdf"
}
]
}
}

200
2005/3xxx/CVE-2005-3343.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-3343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-927",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-927"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=380030&group_id=64960",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=380030&group_id=64960"
},
{
"name" : "MDKSA-2006:001",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:001"
},
{
"name" : "16064",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16064"
},
{
"name" : "21933",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21933"
},
{
"name" : "1015421",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015421"
},
{
"name" : "18083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18083"
},
{
"name" : "18215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18215"
},
{
"name" : "tkdiff-tmp-file-symlink(23858)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23858"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=380030&group_id=64960",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=380030&group_id=64960"
},
{
"name": "16064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16064"
},
{
"name": "DSA-927",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-927"
},
{
"name": "tkdiff-tmp-file-symlink(23858)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23858"
},
{
"name": "18083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18083"
},
{
"name": "21933",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21933"
},
{
"name": "18215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18215"
},
{
"name": "MDKSA-2006:001",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:001"
},
{
"name": "1015421",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015421"
}
]
}
}

160
2005/3xxx/CVE-2005-3865.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/allweb-search-sql-inj-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/allweb-search-sql-inj-vuln.html"
},
{
"name" : "15587",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15587"
},
{
"name" : "ADV-2005-2610",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2610"
},
{
"name" : "21129",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21129"
},
{
"name" : "17709",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17709"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/11/allweb-search-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/allweb-search-sql-inj-vuln.html"
},
{
"name": "17709",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17709"
},
{
"name": "15587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15587"
},
{
"name": "ADV-2005-2610",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2610"
},
{
"name": "21129",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21129"
}
]
}
}

150
2005/3xxx/CVE-2005-3956.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/dmanews-multiple-sql-inj-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/dmanews-multiple-sql-inj-vuln.html"
},
{
"name" : "15628",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15628"
},
{
"name" : "21165",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21165"
},
{
"name" : "17759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17759"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3) display_num parameters in a news_list action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/11/dmanews-multiple-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/dmanews-multiple-sql-inj-vuln.html"
},
{
"name": "21165",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21165"
},
{
"name": "17759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17759"
},
{
"name": "15628",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15628"
}
]
}
}

160
2005/3xxx/CVE-2005-3992.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3992",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3992",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051202 WinEggDropShell Multiple Remote Stack Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418398"
},
{
"name" : "20051201 WinEggDropShell Multiple Remote Stack Overflow",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0059.html"
},
{
"name" : "http://secway.org/advisory/AD20051202.txt",
"refsource" : "MISC",
"url" : "http://secway.org/advisory/AD20051202.txt"
},
{
"name" : "15682",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15682"
},
{
"name" : "226",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3) PASS command to the FTP server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051201 WinEggDropShell Multiple Remote Stack Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0059.html"
},
{
"name": "http://secway.org/advisory/AD20051202.txt",
"refsource": "MISC",
"url": "http://secway.org/advisory/AD20051202.txt"
},
{
"name": "226",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/226"
},
{
"name": "15682",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15682"
},
{
"name": "20051202 WinEggDropShell Multiple Remote Stack Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418398"
}
]
}
}

120
2005/4xxx/CVE-2005-4084.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4084",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4084",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051203 eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418518/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier allows remote attackers to obtain the installation path of the application via an invalid viewbackup parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051203 eXtreme Styles mod <= 2.2.1 Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418518/100/0/threaded"
}
]
}
}

130
2005/4xxx/CVE-2005-4126.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "EEYEB-20051130",
"refsource" : "EEYE",
"url" : "http://www.eeye.com/html/research/upcoming/20051130.html"
},
{
"name" : "15691",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows attackers to execute arbitrary code. NOTE: the information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15691"
},
{
"name": "EEYEB-20051130",
"refsource": "EEYE",
"url": "http://www.eeye.com/html/research/upcoming/20051130.html"
}
]
}
}

190
2005/4xxx/CVE-2005-4639.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4639",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by \"reading more than 8 bytes into an 8 byte long array\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15"
},
{
"name" : "MDKSA-2006:040",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:040"
},
{
"name" : "USN-244-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/244-1/"
},
{
"name" : "16142",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16142"
},
{
"name" : "ADV-2006-0035",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0035"
},
{
"name" : "18216",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18216"
},
{
"name" : "18527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18527"
},
{
"name" : "linux-kernel-cadriver-bo(43323)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/43323"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by \"reading more than 8 bytes into an 8 byte long array\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDKSA-2006:040",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:040"
},
{
"name": "linux-kernel-cadriver-bo(43323)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43323"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.15"
},
{
"name": "ADV-2006-0035",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0035"
},
{
"name": "18216",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18216"
},
{
"name": "16142",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16142"
},
{
"name": "USN-244-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/244-1/"
},
{
"name": "18527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18527"
}
]
}
}

150
2005/4xxx/CVE-2005-4722.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4722",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4722",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://metawire.org/~adli/advisories/250405_tmspublisher_vulnerablility.signed.txt",
"refsource" : "MISC",
"url" : "http://metawire.org/~adli/advisories/250405_tmspublisher_vulnerablility.signed.txt"
},
{
"name" : "http://developer.tmsasia.com/page.cfm?name=security",
"refsource" : "CONFIRM",
"url" : "http://developer.tmsasia.com/page.cfm?name=security"
},
{
"name" : "23298",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/23298"
},
{
"name" : "tmspublisher-pagename-path-disclosure(25273)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/25273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://developer.tmsasia.com/page.cfm?name=security",
"refsource": "CONFIRM",
"url": "http://developer.tmsasia.com/page.cfm?name=security"
},
{
"name": "tmspublisher-pagename-path-disclosure(25273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25273"
},
{
"name": "23298",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23298"
},
{
"name": "http://metawire.org/~adli/advisories/250405_tmspublisher_vulnerablility.signed.txt",
"refsource": "MISC",
"url": "http://metawire.org/~adli/advisories/250405_tmspublisher_vulnerablility.signed.txt"
}
]
}
}

200
2009/2xxx/CVE-2009-2026.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2026",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090806 CA20090806-01: Security Notice for Data Transport Services",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-052/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-052/"
},
{
"name" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090",
"refsource" : "CONFIRM",
"url" : "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
},
{
"name" : "35984",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35984"
},
{
"name" : "56834",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56834"
},
{
"name" : "1022688",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022688"
},
{
"name" : "36142",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36142"
},
{
"name" : "ADV-2009-2195",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2195"
},
{
"name" : "ca-multiple-dtscore-bo(52322)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2195",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2195"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-052/"
},
{
"name": "36142",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36142"
},
{
"name": "20090806 CA20090806-01: Security Notice for Data Transport Services",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/505557/100/0/threaded"
},
{
"name": "1022688",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022688"
},
{
"name": "35984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35984"
},
{
"name": "ca-multiple-dtscore-bo(52322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52322"
},
{
"name": "56834",
"refsource": "OSVDB",
"url": "http://osvdb.org/56834"
},
{
"name": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090",
"refsource": "CONFIRM",
"url": "https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=214090"
}
]
}
}

150
2009/2xxx/CVE-2009-2146.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt"
},
{
"name" : "http://www.sugarforge.org/frs/download.php/5598/Sugar_CommunityEdition_ReleaseNotes_5.2f.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.sugarforge.org/frs/download.php/5598/Sugar_CommunityEdition_ReleaseNotes_5.2f.pdf"
},
{
"name" : "35361",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35361"
},
{
"name" : "35445",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35445"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in the Compose Email feature in the Emails module in Sugar Community Edition (aka SugarCRM) before 5.2f allows remote authenticated users to execute arbitrary code by uploading a file with only an extension in its name, then accessing the file via a direct request to a modified filename under cache/modules/Emails/, as demonstrated using .php as the entire original name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sugarforge.org/frs/download.php/5598/Sugar_CommunityEdition_ReleaseNotes_5.2f.pdf",
"refsource": "CONFIRM",
"url": "http://www.sugarforge.org/frs/download.php/5598/Sugar_CommunityEdition_ReleaseNotes_5.2f.pdf"
},
{
"name": "35445",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35445"
},
{
"name": "http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ush/hack-sugarcrm_520e/adv.txt"
},
{
"name": "35361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35361"
}
]
}
}

34
2009/2xxx/CVE-2009-2729.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2729",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2729",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2009/2xxx/CVE-2009-2735.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9371",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9371"
},
{
"name" : "56812",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56812"
},
{
"name" : "36154",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36154"
},
{
"name" : "ADV-2009-2168",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2168"
},
{
"name" : "opennews-admin-sql-injection(52289)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52289"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9371",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9371"
},
{
"name": "opennews-admin-sql-injection(52289)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52289"
},
{
"name": "56812",
"refsource": "OSVDB",
"url": "http://osvdb.org/56812"
},
{
"name": "36154",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36154"
},
{
"name": "ADV-2009-2168",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2168"
}
]
}
}

140
2009/2xxx/CVE-2009-2960.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090821 Cuteflow Version 2.10.3 \"edituser.php\" Security Bypass Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506000/100/0/threaded"
},
{
"name" : "36099",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36099"
},
{
"name" : "36349",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36349"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090821 Cuteflow Version 2.10.3 \"edituser.php\" Security Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506000/100/0/threaded"
},
{
"name": "36349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36349"
},
{
"name": "36099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36099"
}
]
}
}

190
2009/2xxx/CVE-2009-2978.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html",
"refsource" : "MISC",
"url" : "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
},
{
"name" : "http://www.sugarcrm.com/forums/showthread.php?t=50907",
"refsource" : "CONFIRM",
"url" : "http://www.sugarcrm.com/forums/showthread.php?t=50907"
},
{
"name" : "http://www.sugarcrm.com/forums/showthread.php?t=50953",
"refsource" : "CONFIRM",
"url" : "http://www.sugarcrm.com/forums/showthread.php?t=50953"
},
{
"name" : "JVN#31035930",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN31035930/index.html"
},
{
"name" : "JVNDB-2009-000056",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
},
{
"name" : "36118",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36118"
},
{
"name" : "36423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36423"
},
{
"name" : "sugarcrm-unspecified-sql-injection(52679)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and earlier, and 5.2.0g and earlier, allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sugarcrm-unspecified-sql-injection(52679)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52679"
},
{
"name": "JVNDB-2009-000056",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000056.html"
},
{
"name": "http://www.sugarcrm.com/forums/showthread.php?t=50907",
"refsource": "CONFIRM",
"url": "http://www.sugarcrm.com/forums/showthread.php?t=50907"
},
{
"name": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_sugarcrm.html"
},
{
"name": "http://www.sugarcrm.com/forums/showthread.php?t=50953",
"refsource": "CONFIRM",
"url": "http://www.sugarcrm.com/forums/showthread.php?t=50953"
},
{
"name": "36423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36423"
},
{
"name": "JVN#31035930",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN31035930/index.html"
},
{
"name": "36118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36118"
}
]
}
}

120
2009/3xxx/CVE-2009-3091.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://intevydis.com/vd-list.shtml",
"refsource" : "MISC",
"url" : "http://intevydis.com/vd-list.shtml"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability on the ASUS WL-330gE has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
}
]
}
}

190
2009/3xxx/CVE-2009-3692.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.virtualbox.org/wiki/Changelog",
"refsource" : "CONFIRM",
"url" : "http://www.virtualbox.org/wiki/Changelog"
},
{
"name" : "268188",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
},
{
"name" : "36604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36604"
},
{
"name" : "58652",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/58652"
},
{
"name" : "1022990",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022990"
},
{
"name" : "36929",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36929"
},
{
"name" : "ADV-2009-2845",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2845"
},
{
"name" : "virtualbox-vboxnetadpctl-priv-escalation(53671)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.virtualbox.org/wiki/Changelog",
"refsource": "CONFIRM",
"url": "http://www.virtualbox.org/wiki/Changelog"
},
{
"name": "ADV-2009-2845",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2845"
},
{
"name": "36604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36604"
},
{
"name": "58652",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58652"
},
{
"name": "1022990",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022990"
},
{
"name": "36929",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36929"
},
{
"name": "268188",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268188-1"
},
{
"name": "virtualbox-vboxnetadpctl-priv-escalation(53671)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53671"
}
]
}
}

120
2009/3xxx/CVE-2009-3762.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3762",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3762",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows remote attackers to affect integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"
}
]
}
}

34
2009/3xxx/CVE-2009-3771.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3771",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3771",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

320
2009/3xxx/CVE-2009-3800.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2009-3800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
},
{
"name" : "http://support.apple.com/kb/HT4004",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4004"
},
{
"name" : "APPLE-SA-2010-01-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
},
{
"name" : "RHSA-2009:1657",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
},
{
"name" : "RHSA-2009:1658",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
},
{
"name" : "1021716",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
},
{
"name" : "SUSE-SA:2009:062",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
},
{
"name" : "TA09-343A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
},
{
"name" : "37199",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37199"
},
{
"name" : "oval:org.mitre.oval:def:6972",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
},
{
"name" : "oval:org.mitre.oval:def:8613",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
},
{
"name" : "oval:org.mitre.oval:def:16054",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
},
{
"name" : "1023306",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023306"
},
{
"name" : "1023307",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023307"
},
{
"name" : "37584",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37584"
},
{
"name" : "37902",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37902"
},
{
"name" : "38241",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38241"
},
{
"name" : "ADV-2009-3456",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3456"
},
{
"name" : "ADV-2010-0173",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0173"
},
{
"name" : "flash-air-multiple-code-execution(54636)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:1657",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1657.html"
},
{
"name": "1023307",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023307"
},
{
"name": "flash-air-multiple-code-execution(54636)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54636"
},
{
"name": "http://support.apple.com/kb/HT4004",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4004"
},
{
"name": "1021716",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021716.1-1"
},
{
"name": "APPLE-SA-2010-01-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"
},
{
"name": "ADV-2009-3456",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3456"
},
{
"name": "SUSE-SA:2009:062",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00003.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=543857",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=543857"
},
{
"name": "37584",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37584"
},
{
"name": "37902",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37902"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-19.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-19.html"
},
{
"name": "1023306",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023306"
},
{
"name": "oval:org.mitre.oval:def:8613",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8613"
},
{
"name": "RHSA-2009:1658",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1658.html"
},
{
"name": "oval:org.mitre.oval:def:16054",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16054"
},
{
"name": "TA09-343A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-343A.html"
},
{
"name": "38241",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38241"
},
{
"name": "37199",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37199"
},
{
"name": "oval:org.mitre.oval:def:6972",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6972"
},
{
"name": "ADV-2010-0173",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0173"
}
]
}
}

150
2009/4xxx/CVE-2009-4101.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://addons.mozilla.org/en-US/firefox/addons/versions/361#version-1.2.0",
"refsource" : "MISC",
"url" : "https://addons.mozilla.org/en-US/firefox/addons/versions/361#version-1.2.0"
},
{
"name" : "37467",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37467"
},
{
"name" : "ADV-2009-3323",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3323"
},
{
"name" : "inforss-rss-xss(54370)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "inforss-rss-xss(54370)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54370"
},
{
"name": "37467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37467"
},
{
"name": "https://addons.mozilla.org/en-US/firefox/addons/versions/361#version-1.2.0",
"refsource": "MISC",
"url": "https://addons.mozilla.org/en-US/firefox/addons/versions/361#version-1.2.0"
},
{
"name": "ADV-2009-3323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3323"
}
]
}
}

210
2009/4xxx/CVE-2009-4737.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to \"pvpara ffooter.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20090407",
"refsource" : "MISC",
"url" : "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20090407"
},
{
"name" : "http://www.ipa.go.jp/security/vuln/documents/2009/200904_ichitaro.html",
"refsource" : "MISC",
"url" : "http://www.ipa.go.jp/security/vuln/documents/2009/200904_ichitaro.html"
},
{
"name" : "http://www.justsystems.com/jp/info/js09002.html",
"refsource" : "CONFIRM",
"url" : "http://www.justsystems.com/jp/info/js09002.html"
},
{
"name" : "JVN#33846134",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN33846134/index.html"
},
{
"name" : "JVNDB-2009-000018",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000018.html"
},
{
"name" : "34403",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34403"
},
{
"name" : "53349",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/53349"
},
{
"name" : "34611",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34611"
},
{
"name" : "ADV-2009-0957",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0957"
},
{
"name" : "ichitaro-rtf-bo(49739)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49739"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to \"pvpara ffooter.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34611",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34611"
},
{
"name": "53349",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/53349"
},
{
"name": "ADV-2009-0957",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0957"
},
{
"name": "http://www.justsystems.com/jp/info/js09002.html",
"refsource": "CONFIRM",
"url": "http://www.justsystems.com/jp/info/js09002.html"
},
{
"name": "34403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34403"
},
{
"name": "JVNDB-2009-000018",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000018.html"
},
{
"name": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20090407",
"refsource": "MISC",
"url": "http://www.fourteenforty.jp/research/advisory.cgi?FFRRA-20090407"
},
{
"name": "http://www.ipa.go.jp/security/vuln/documents/2009/200904_ichitaro.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/vuln/documents/2009/200904_ichitaro.html"
},
{
"name": "ichitaro-rtf-bo(49739)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49739"
},
{
"name": "JVN#33846134",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN33846134/index.html"
}
]
}
}

130
2015/0xxx/CVE-2015-0502.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1 and 8.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name" : "1032127",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032127"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1 and 8.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032127",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032127"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
}
]
}
}

130
2015/0xxx/CVE-2015-0548.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2015-0548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2015/Jul/10"
},
{
"name" : "1032769",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032769"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The D2DownloadService.getDownloadUrls service method in EMC Documentum D2 4.1 and 4.2 before 4.2 P16 and 4.5 before P03 allows remote authenticated users to conduct Documentum Query Language (DQL) injection attacks and bypass intended read-access restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032769",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032769"
},
{
"name": "20150701 ESA-2015-108: EMC Documentum D2 Multiple DQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2015/Jul/10"
}
]
}
}

34
2015/0xxx/CVE-2015-0585.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0585",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0585",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/0xxx/CVE-2015-0644.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150325 Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe"
},
{
"name" : "1031981",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031981"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before 3.11.3S, 3.12 before 3.12.1S, 3.13 before 3.13.0S, 3.14 before 3.14.0S, and 3.15 before 3.15.0S allows remote attackers to execute arbitrary code or cause a denial of service (device reload) via a crafted TCP packet, aka Bug ID CSCuo53622."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1031981",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031981"
},
{
"name": "20150325 Multiple Vulnerabilities in Cisco IOS XE Software for Cisco ASR 1000 Series, Cisco ISR 4400 Series, and Cisco Cloud Services 1000v Series Routers",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-iosxe"
}
]
}
}

120
2015/0xxx/CVE-2015-0969.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#697316",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/697316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SearchBlox before 8.2 allows remote attackers to obtain sensitive information via a pretty=true action to the _cluster/health URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#697316",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/697316"
}
]
}
}

34
2015/1xxx/CVE-2015-1046.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1046",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-1046",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

150
2015/1xxx/CVE-2015-1137.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "73982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73982"
},
{
"name" : "1032048",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via an unspecified IOService userclient type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "73982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73982"
},
{
"name": "1032048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
}
]
}
}

290
2015/1xxx/CVE-2015-1301.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=413706",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=413706"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=482369",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=482369"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=485413",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=485413"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=498338",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=498338"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=498475",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=498475"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=502794",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=502794"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=507018",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=507018"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=508703",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=508703"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=508705",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=508705"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=517364",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=517364"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=517906",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=517906"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=526825",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=526825"
},
{
"name" : "DSA-3351",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3351"
},
{
"name" : "RHSA-2015:1712",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1712.html"
},
{
"name" : "openSUSE-SU-2015:1873",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html"
},
{
"name" : "openSUSE-SU-2015:1586",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html"
},
{
"name" : "1033472",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033472"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1873",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=508703",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=508703"
},
{
"name": "RHSA-2015:1712",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1712.html"
},
{
"name": "1033472",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033472"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=498475",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=498475"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=482369",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=482369"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=413706",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=413706"
},
{
"name": "openSUSE-SU-2015:1586",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=485413",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=485413"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=517906",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=517906"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=526825",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=526825"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=498338",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=498338"
},
{
"name": "DSA-3351",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3351"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=507018",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=507018"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=508705",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=508705"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=502794",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=502794"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=517364",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=517364"
}
]
}
}

160
2015/1xxx/CVE-2015-1389.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1389",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37172",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37172/"
},
{
"name" : "20150527 ClearPass Policy Manager Stored XSS",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/May/115"
},
{
"name" : "https://github.com/cmaruti/reports/blob/master/aruba_clearpass.pdf",
"refsource" : "MISC",
"url" : "https://github.com/cmaruti/reports/blob/master/aruba_clearpass.pdf"
},
{
"name" : "http://packetstormsecurity.com/files/132060/Aruba-ClearPass-Policy-Manager-6.4-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132060/Aruba-ClearPass-Policy-Manager-6.4-Cross-Site-Scripting.html"
},
{
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132060/Aruba-ClearPass-Policy-Manager-6.4-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132060/Aruba-ClearPass-Policy-Manager-6.4-Cross-Site-Scripting.html"
},
{
"name": "37172",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37172/"
},
{
"name": "20150527 ClearPass Policy Manager Stored XSS",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/May/115"
},
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt"
},
{
"name": "https://github.com/cmaruti/reports/blob/master/aruba_clearpass.pdf",
"refsource": "MISC",
"url": "https://github.com/cmaruti/reports/blob/master/aruba_clearpass.pdf"
}
]
}
}

150
2015/1xxx/CVE-2015-1486.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1486",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-1486",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37812",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37812/"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00"
},
{
"name" : "76074",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76074"
},
{
"name" : "1033165",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033165"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote attackers to bypass authentication via a crafted password-reset action that triggers a new administrative session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37812",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37812/"
},
{
"name": "76074",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76074"
},
{
"name": "1033165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033165"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00"
}
]
}
}

280
2015/1xxx/CVE-2015-1779.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1779",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1779",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Qemu-devel] 20150323 [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html"
},
{
"name" : "[Qemu-devel] 20150323 [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html"
},
{
"name" : "[Qemu-devel] 20150323 [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html"
},
{
"name" : "[oss-security] 20150324 CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/03/24/9"
},
{
"name" : "[oss-security] 20150409 Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/09/6"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "DSA-3259",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3259"
},
{
"name" : "FEDORA-2015-5482",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"
},
{
"name" : "FEDORA-2015-5541",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html"
},
{
"name" : "GLSA-201602-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201602-01"
},
{
"name" : "RHSA-2015:1931",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1931.html"
},
{
"name" : "RHSA-2015:1943",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1943.html"
},
{
"name" : "SUSE-SU-2015:0870",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html"
},
{
"name" : "SUSE-SU-2015:0896",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
},
{
"name" : "USN-2608-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2608-1"
},
{
"name" : "73303",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73303"
},
{
"name" : "1033975",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033975"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The VNC websocket frame decoder in QEMU allows remote attackers to cause a denial of service (memory and CPU consumption) via a large (1) websocket payload or (2) HTTP headers section."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:0870",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00033.html"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 1/2] CVE-2015-1779: incrementally decode websocket frames",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04896.html"
},
{
"name": "FEDORA-2015-5541",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155196.html"
},
{
"name": "DSA-3259",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3259"
},
{
"name": "[oss-security] 20150409 Re: CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/09/6"
},
{
"name": "SUSE-SU-2015:0896",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00042.html"
},
{
"name": "FEDORA-2015-5482",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154656.html"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 0/2] CVE-2015-1779: fix denial of service in VNC websockets",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html"
},
{
"name": "RHSA-2015:1931",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1931.html"
},
{
"name": "[oss-security] 20150324 CVE-2015-1779 qemu: vnc: insufficient resource limiting in VNC websockets decoder",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/9"
},
{
"name": "1033975",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033975"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:1943",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1943.html"
},
{
"name": "USN-2608-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2608-1"
},
{
"name": "[Qemu-devel] 20150323 [PATCH 2/2] CVE-2015-1779: limit size of HTTP headers from websockets clients",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04895.html"
},
{
"name": "73303",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73303"
},
{
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}
}

150
2015/4xxx/CVE-2015-4080.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150606 Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/535702/100/0/threaded"
},
{
"name" : "https://plus.google.com/109112844319840106704/posts",
"refsource" : "MISC",
"url" : "https://plus.google.com/109112844319840106704/posts"
},
{
"name" : "http://packetstormsecurity.com/files/132210/Kankun-Smart-Socket-Mobile-App-Hardcoded-AES-Key.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132210/Kankun-Smart-Socket-Mobile-App-Hardcoded-AES-Key.html"
},
{
"name" : "75057",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Kankun Smart Socket device and mobile application uses a hardcoded AES 256 bit key, which makes it easier for remote attackers to (1) obtain sensitive information by sniffing the network and (2) obtain access to the device by encrypting messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/132210/Kankun-Smart-Socket-Mobile-App-Hardcoded-AES-Key.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132210/Kankun-Smart-Socket-Mobile-App-Hardcoded-AES-Key.html"
},
{
"name": "20150606 Hardcoded AES 256 bit key used in Kankun IoT/Smart socket and its mobile App",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535702/100/0/threaded"
},
{
"name": "https://plus.google.com/109112844319840106704/posts",
"refsource": "MISC",
"url": "https://plus.google.com/109112844319840106704/posts"
},
{
"name": "75057",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75057"
}
]
}
}

120
2015/4xxx/CVE-2015-4094.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.info-sec.ca/advisories/Thycotic-SecretServer.html",
"refsource" : "MISC",
"url" : "http://www.info-sec.ca/advisories/Thycotic-SecretServer.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Thycotic Password Manager Secret Server application through 2.3 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.info-sec.ca/advisories/Thycotic-SecretServer.html",
"refsource": "MISC",
"url": "http://www.info-sec.ca/advisories/Thycotic-SecretServer.html"
}
]
}
}

140
2015/4xxx/CVE-2015-4609.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4609",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4609",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-008/",
"refsource" : "MISC",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-008/"
},
{
"name" : "http://typo3.org/extensions/repository/view/wt_directory",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/wt_directory"
},
{
"name" : "75253",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the wt_directory extension before 1.4.2 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/wt_directory",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/wt_directory"
},
{
"name": "75253",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75253"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-008/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-008/"
}
]
}
}

130
2015/4xxx/CVE-2015-4817.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-4817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "1033881",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033881"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel Zones virtualized NIC driver."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "1033881",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033881"
}
]
}
}

140
2015/5xxx/CVE-2015-5061.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=1488",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=1488"
},
{
"name" : "https://packetstormsecurity.com/files/132402/ManageEngine-Asset-Explorer-6.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/132402/ManageEngine-Asset-Explorer-6.1-Cross-Site-Scripting.html"
},
{
"name" : "75411",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 and earlier allows remote authenticated users with permissions to add new vendors to inject arbitrary web script or HTML via the organizationName parameter to VendorDef.do."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/132402/ManageEngine-Asset-Explorer-6.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/132402/ManageEngine-Asset-Explorer-6.1-Cross-Site-Scripting.html"
},
{
"name": "75411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75411"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=1488",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=1488"
}
]
}
}

34
2015/5xxx/CVE-2015-5083.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5083",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5083",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2018/2xxx/CVE-2018-2502.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP Business One Service Layer (B1_ON_HANA)",
"version" : {
"version_data" : [
{
"version_name" : "=",
"version_value" : "9.2"
},
{
"version_name" : "=",
"version_value" : "9.3"
}
]
}
}
]
},
"vendor_name" : "SAP"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Other"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP Business One Service Layer (B1_ON_HANA)",
"version": {
"version_data": [
{
"version_name": "=",
"version_value": "9.2"
},
{
"version_name": "=",
"version_value": "9.3"
}
]
}
}
]
},
"vendor_name": "SAP"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://launchpad.support.sap.com/#/notes/2680492",
"refsource" : "MISC",
"url" : "https://launchpad.support.sap.com/#/notes/2680492"
},
{
"name" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
"refsource" : "MISC",
"url" : "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name" : "106173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106173"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TRACE method is enabled in SAP Business One Service Layer . Attacker can use XST (Cross Site Tracing) attack if frontend applications that are using Service Layer has a XSS vulnerability. This has been fixed in SAP Business One Service Layer (B1_ON_HANA, versions 9.2, 9.3)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Other"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699",
"refsource": "MISC",
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=508559699"
},
{
"name": "106173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106173"
},
{
"name": "https://launchpad.support.sap.com/#/notes/2680492",
"refsource": "MISC",
"url": "https://launchpad.support.sap.com/#/notes/2680492"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

356
2018/2xxx/CVE-2018-2677.json
View File

@ -1,180 +1,180 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2677",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 6u171"
},
{
"version_affected" : "=",
"version_value" : "7u161"
},
{
"version_affected" : "=",
"version_value" : "8u152"
},
{
"version_affected" : "=",
"version_value" : "9.0.1; Java SE Embedded: 8u151"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2677",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 6u171"
},
{
"version_affected": "=",
"version_value": "7u161"
},
{
"version_affected": "=",
"version_value": "8u152"
},
{
"version_affected": "=",
"version_value": "9.0.1; Java SE Embedded: 8u151"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180117-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180117-0001/"
},
{
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource" : "CONFIRM",
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"
},
{
"name" : "DSA-4144",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4144"
},
{
"name" : "DSA-4166",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4166"
},
{
"name" : "RHSA-2018:0095",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0095"
},
{
"name" : "RHSA-2018:0099",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0099"
},
{
"name" : "RHSA-2018:0100",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0100"
},
{
"name" : "RHSA-2018:0115",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0115"
},
{
"name" : "RHSA-2018:0349",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0349"
},
{
"name" : "RHSA-2018:0351",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0351"
},
{
"name" : "RHSA-2018:0352",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0352"
},
{
"name" : "RHSA-2018:0458",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0458"
},
{
"name" : "RHSA-2018:0521",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0521"
},
{
"name" : "RHSA-2018:1463",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1463"
},
{
"name" : "RHSA-2018:1812",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1812"
},
{
"name" : "USN-3613-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3613-1/"
},
{
"name" : "USN-3614-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3614-1/"
},
{
"name" : "102656",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102656"
},
{
"name" : "1040203",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040203"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 6u171, 7u161, 8u152 and 9.0.1; Java SE Embedded: 8u151. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0351",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0351"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180117-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180117-0001/"
},
{
"name": "USN-3614-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3614-1/"
},
{
"name": "DSA-4166",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4166"
},
{
"name": "RHSA-2018:0095",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0095"
},
{
"name": "102656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102656"
},
{
"name": "DSA-4144",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4144"
},
{
"name": "RHSA-2018:0521",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0521"
},
{
"name": "RHSA-2018:0352",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0352"
},
{
"name": "RHSA-2018:0115",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0115"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "[debian-lts-announce] 20180403 [SECURITY] [DLA 1339-1] openjdk-7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00003.html"
},
{
"name": "RHSA-2018:1812",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1812"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03911en_us"
},
{
"name": "RHSA-2018:0099",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0099"
},
{
"name": "RHSA-2018:1463",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1463"
},
{
"name": "RHSA-2018:0458",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0458"
},
{
"name": "RHSA-2018:0349",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0349"
},
{
"name": "1040203",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040203"
},
{
"name": "USN-3613-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3613-1/"
},
{
"name": "RHSA-2018:0100",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0100"
}
]
}
}

34
2018/3xxx/CVE-2018-3323.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3323",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3323",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3332.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3332",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3332",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/3xxx/CVE-2018-3581.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-05-11T00:00:00",
"ID" : "CVE-2018-3581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-05-11T00:00:00",
"ID": "CVE-2018-3581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
"refsource" : "MISC",
"url" : "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, a buffer overwrite can occur if the vdev_id received from firmware is larger than max_bssid."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2",
"refsource": "MISC",
"url": "https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2"
}
]
}
}

34
2018/3xxx/CVE-2018-3642.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3642",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3642",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/3xxx/CVE-2018-3911.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-26T00:00:00",
"ID" : "CVE-2018-3911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Samsung",
"version" : {
"version_data" : [
{
"version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name" : "Samsung"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of CRLF Sequences in HTTP Headers"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-26T00:00:00",
"ID": "CVE-2018-3911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Samsung",
"version": {
"version_data": [
{
"version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name": "Samsung"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0578",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0578"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated message to SmartThings' remote servers, which insecurely handle JSON messages, leading to partially controlled requests generated toward the internal video-core process. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of CRLF Sequences in HTTP Headers"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0578",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0578"
}
]
}
}

34
2018/6xxx/CVE-2018-6309.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6309",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6309",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/6xxx/CVE-2018-6412.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6412",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6412",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://marc.info/?l=linux-fbdev&m=151734425901499&w=2",
"refsource" : "MISC",
"url" : "https://marc.info/?l=linux-fbdev&m=151734425901499&w=2"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde"
},
{
"name" : "https://github.com/torvalds/linux/commit/250c6c49e3b68756b14983c076183568636e2bde",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/250c6c49e3b68756b14983c076183568636e2bde"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://marc.info/?l=linux-fbdev&m=151734425901499&w=2",
"refsource": "MISC",
"url": "https://marc.info/?l=linux-fbdev&m=151734425901499&w=2"
},
{
"name": "https://github.com/torvalds/linux/commit/250c6c49e3b68756b14983c076183568636e2bde",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/250c6c49e3b68756b14983c076183568636e2bde"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=250c6c49e3b68756b14983c076183568636e2bde"
}
]
}
}

194
2018/6xxx/CVE-2018-6494.json
View File

@ -1,99 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@microfocus.com",
"DATE_PUBLIC" : "2018-05-10T19:01:00.000Z",
"ID" : "CVE-2018-6494",
"STATE" : "PUBLIC",
"TITLE" : "MFSBGN03807 rev.1 - HP Service Manager Software, Multiple Vulnerabilities"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HP Service Manager Software",
"version" : {
"version_data" : [
{
"version_value" : "9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51"
}
]
}
}
]
},
"vendor_name" : "Micro Focus"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "Unauthorized Disclosure of Data"
}
],
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "NONE",
"baseScore" : 6.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote SQL Injection"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2018-05-10T19:01:00.000Z",
"ID": "CVE-2018-6494",
"STATE": "PUBLIC",
"TITLE": "MFSBGN03807 rev.1 - HP Service Manager Software, Multiple Vulnerabilities"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HP Service Manager Software",
"version": {
"version_data": [
{
"version_value": "9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51"
}
]
}
}
]
},
"vendor_name": "Micro Focus"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656"
},
{
"name" : "104141",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104141"
},
{
"name" : "1040902",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040902"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote SQL Injection against the HP Service Manager Software Web Tier, version 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, 9.41, 9.50, 9.51, may lead to unauthorized disclosure of data."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "Unauthorized Disclosure of Data"
}
],
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656",
"refsource": "CONFIRM",
"url": "https://softwaresupport.softwaregrp.com/document/-/facetsearch/document/KM03158656"
},
{
"name": "104141",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104141"
},
{
"name": "1040902",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040902"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

34
2018/6xxx/CVE-2018-6571.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6571",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6571",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/6xxx/CVE-2018-6884.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6884",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6884",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/6xxx/CVE-2018-6921.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secteam@freebsd.org",
"DATE_PUBLIC" : "2018-05-08T00:00:00",
"ID" : "CVE-2018-6921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FreeBSD",
"version" : {
"version_data" : [
{
"version_value" : "FreeBSD 11.x prior to 11.1-RELEASE-p10."
}
]
}
}
]
},
"vendor_name" : "FreeBSD"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Kernel memory disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC": "2018-05-08T00:00:00",
"ID": "CVE-2018-6921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeBSD",
"version": {
"version_data": [
{
"version_value": "FreeBSD 11.x prior to 11.1-RELEASE-p10."
}
]
}
}
]
},
"vendor_name": "FreeBSD"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc",
"refsource" : "CONFIRM",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc"
},
{
"name" : "104118",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to insufficient initialization of memory copied to userland in the network subsystem, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Kernel memory disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc"
},
{
"name": "104118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104118"
}
]
}
}

34
2018/7xxx/CVE-2018-7012.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7012",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7012",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

120
2018/7xxx/CVE-2018-7175.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7175",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7175",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=613",
"refsource" : "MISC",
"url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=613"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=613",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=613"
}
]
}
}