admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:16:06 +00:00
parent c23d2ca39b
commit 3b7aa2272d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
62 changed files with 4254 additions and 4254 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
2002/0xxx/CVE-2002-0284.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020215 winamp and wma Song Licenses",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101408781031527&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020215 winamp and wma Song Licenses",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101408781031527&w=2"
}
]
}
}

360
2002/0xxx/CVE-2002-0651.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0651",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0651",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020626 Remote buffer overflow in resolver code of libc",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102513011311504&w=2"
},
{
"name" : "20020703 Buffer overflow and DoS i BIND",
"refsource" : "NTBUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"name" : "http://www.pine.nl/advisories/pine-cert-20020601.txt",
"refsource" : "MISC",
"url" : "http://www.pine.nl/advisories/pine-cert-20020601.txt"
},
{
"name" : "CA-2002-19",
"refsource" : "CERT",
"url" : "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"name" : "VU#803539",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/803539"
},
{
"name" : "IY32719",
"refsource" : "AIXAPAR",
"url" : "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name" : "IY32746",
"refsource" : "AIXAPAR",
"url" : "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name" : "CSSA-2002-SCO.37",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
},
{
"name" : "CSSA-2002-SCO.39",
"refsource" : "CALDERA",
"url" : "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
},
{
"name" : "CLSA-2002:507",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507"
},
{
"name" : "ESA-20020724-018",
"refsource" : "ENGARDE",
"url" : "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"name" : "FreeBSD-SA-02:28",
"refsource" : "FREEBSD",
"url" : "http://marc.info/?l=bugtraq&m=102520962320134&w=2"
},
{
"name" : "MDKSA-2002:038",
"refsource" : "MANDRAKE",
"url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"name" : "MDKSA-2002:043",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"name" : "NetBSD-SA2002-006",
"refsource" : "NETBSD",
"url" : "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
},
{
"name" : "RHSA-2002:119",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"name" : "RHSA-2002:133",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"name" : "RHSA-2002:139",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"name" : "RHSA-2002:167",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"name" : "RHSA-2003:154",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"name" : "20020701-01-I",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
},
{
"name" : "20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102579743329251&w=2"
},
{
"name" : "5100",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5100"
},
{
"name" : "oval:org.mitre.oval:def:4190",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
},
{
"name" : "dns-resolver-lib-bo(9432)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9432.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLSA-2002:507",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507"
},
{
"name": "RHSA-2002:139",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2002-139.html"
},
{
"name": "ESA-20020724-018",
"refsource": "ENGARDE",
"url": "http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html"
},
{
"name": "oval:org.mitre.oval:def:4190",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190"
},
{
"name": "20020626 Remote buffer overflow in resolver code of libc",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102513011311504&w=2"
},
{
"name": "RHSA-2002:119",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-119.html"
},
{
"name": "VU#803539",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/803539"
},
{
"name": "dns-resolver-lib-bo(9432)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9432.php"
},
{
"name": "CSSA-2002-SCO.39",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39"
},
{
"name": "MDKSA-2002:038",
"refsource": "MANDRAKE",
"url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038"
},
{
"name": "IY32719",
"refsource": "AIXAPAR",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "RHSA-2002:167",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-167.html"
},
{
"name": "RHSA-2003:154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-154.html"
},
{
"name": "20020701-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/"
},
{
"name": "IY32746",
"refsource": "AIXAPAR",
"url": "http://archives.neohapsis.com/archives/aix/2002-q3/0001.html"
},
{
"name": "20020703 Buffer overflow and DoS i BIND",
"refsource": "NTBUGTRAQ",
"url": "http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html"
},
{
"name": "20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102579743329251&w=2"
},
{
"name": "MDKSA-2002:043",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php"
},
{
"name": "RHSA-2002:133",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-133.html"
},
{
"name": "CSSA-2002-SCO.37",
"refsource": "CALDERA",
"url": "ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37"
},
{
"name": "FreeBSD-SA-02:28",
"refsource": "FREEBSD",
"url": "http://marc.info/?l=bugtraq&m=102520962320134&w=2"
},
{
"name": "CA-2002-19",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-19.html"
},
{
"name": "5100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5100"
},
{
"name": "NetBSD-SA2002-006",
"refsource": "NETBSD",
"url": "ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc"
},
{
"name": "http://www.pine.nl/advisories/pine-cert-20020601.txt",
"refsource": "MISC",
"url": "http://www.pine.nl/advisories/pine-cert-20020601.txt"
}
]
}
}

130
2002/2xxx/CVE-2002-2099.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2099",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1003241",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1003241"
},
{
"name" : "ddd-home-bo(7979)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ddd-home-bo(7979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7979"
},
{
"name": "1003241",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1003241"
}
]
}
}

230
2005/0xxx/CVE-2005-0546.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in \"cached header handling,\" (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[info-cyrus] 20050214 Cyrus IMAPd 2.2.11 Released",
"refsource" : "MLIST",
"url" : "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723"
},
{
"name" : "CLA-2005:937",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000937"
},
{
"name" : "FLSA:156290",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/430294/100/0/threaded"
},
{
"name" : "GLSA-200502-29",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200502-29.xml"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=82404",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=82404"
},
{
"name" : "MDKSA-2005:051",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:051"
},
{
"name" : "20050228 [USN-87-1] Cyrus IMAP server vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110972236203397&w=2"
},
{
"name" : "RHSA-2005:408",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-408.html"
},
{
"name" : "12636",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12636"
},
{
"name" : "oval:org.mitre.oval:def:10674",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10674"
},
{
"name" : "1013278",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013278"
},
{
"name" : "14383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14383"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in \"cached header handling,\" (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10674",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10674"
},
{
"name": "14383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14383"
},
{
"name": "20050228 [USN-87-1] Cyrus IMAP server vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110972236203397&w=2"
},
{
"name": "MDKSA-2005:051",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:051"
},
{
"name": "1013278",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013278"
},
{
"name": "CLA-2005:937",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000937"
},
{
"name": "GLSA-200502-29",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200502-29.xml"
},
{
"name": "FLSA:156290",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430294/100/0/threaded"
},
{
"name": "12636",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12636"
},
{
"name": "[info-cyrus] 20050214 Cyrus IMAPd 2.2.11 Released",
"refsource": "MLIST",
"url": "http://asg.web.cmu.edu/archive/message.php?mailbox=archive.info-cyrus&msg=33723"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=82404",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=82404"
},
{
"name": "RHSA-2005:408",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-408.html"
}
]
}
}

130
2005/0xxx/CVE-2005-0868.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050323 Backdoors in AS/400 emulations allow the server to attack connected PC workstations",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111160242803070&w=2"
},
{
"name" : "http://www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdf",
"refsource" : "MISC",
"url" : "http://www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdf",
"refsource": "MISC",
"url": "http://www.venera.com/downloads/Attack_5250_terminal_emulations_from_iSeries_server.pdf"
},
{
"name": "20050323 Backdoors in AS/400 emulations allow the server to attack connected PC workstations",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111160242803070&w=2"
}
]
}
}

180
2005/0xxx/CVE-2005-0935.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050330 Multiple sql injection, and xss vulnerabilities in Pay pal Storefront",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111221890614271&w=2"
},
{
"name" : "http://www.hackerscenter.com/Archive/view.asp?id=1774",
"refsource" : "MISC",
"url" : "http://www.hackerscenter.com/Archive/view.asp?id=1774"
},
{
"name" : "12903",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12903"
},
{
"name" : "15057",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15057"
},
{
"name" : "15058",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15058"
},
{
"name" : "1013563",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013563"
},
{
"name" : "14711",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14711"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hackerscenter.com/Archive/view.asp?id=1774",
"refsource": "MISC",
"url": "http://www.hackerscenter.com/Archive/view.asp?id=1774"
},
{
"name": "15057",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15057"
},
{
"name": "20050330 Multiple sql injection, and xss vulnerabilities in Pay pal Storefront",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111221890614271&w=2"
},
{
"name": "1013563",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013563"
},
{
"name": "14711",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14711"
},
{
"name": "12903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12903"
},
{
"name": "15058",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15058"
}
]
}
}

150
2005/0xxx/CVE-2005-0991.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0991",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not \"use a secure location for temporary files,\" which allows local users to have an unknown impact, probably by overwriting files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "IY59205",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY59205&apar=only"
},
{
"name" : "IY59206",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY59206&apar=only"
},
{
"name" : "IY59207",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY59207&apar=only"
},
{
"name" : "12992",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12992"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not \"use a secure location for temporary files,\" which allows local users to have an unknown impact, probably by overwriting files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IY59205",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY59205&apar=only"
},
{
"name": "IY59206",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY59206&apar=only"
},
{
"name": "12992",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12992"
},
{
"name": "IY59207",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY59207&apar=only"
}
]
}
}

170
2005/1xxx/CVE-2005-1096.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hackerscenter.com/archive/view.asp?id=1865",
"refsource" : "MISC",
"url" : "http://www.hackerscenter.com/archive/view.asp?id=1865"
},
{
"name" : "13049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13049"
},
{
"name" : "15307",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15307"
},
{
"name" : "1013667",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013667"
},
{
"name" : "14864",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14864"
},
{
"name" : "ocean12-membershipmgr-mainasp-sql-injection(20015)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to execute arbitrary SQL commands via the UserID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013667",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013667"
},
{
"name": "14864",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14864"
},
{
"name": "13049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13049"
},
{
"name": "http://www.hackerscenter.com/archive/view.asp?id=1865",
"refsource": "MISC",
"url": "http://www.hackerscenter.com/archive/view.asp?id=1865"
},
{
"name": "15307",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15307"
},
{
"name": "ocean12-membershipmgr-mainasp-sql-injection(20015)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20015"
}
]
}
}

34
2005/1xxx/CVE-2005-1257.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1257",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1257",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2005/1xxx/CVE-2005-1415.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050501 Remote buffer overflow in GlobalScape Secure FTP server 3.0.2",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0674.html"
},
{
"name" : "http://www.cuteftp.com/gsftps/history.asp",
"refsource" : "CONFIRM",
"url" : "http://www.cuteftp.com/gsftps/history.asp"
},
{
"name" : "13454",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13454"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13454"
},
{
"name": "http://www.cuteftp.com/gsftps/history.asp",
"refsource": "CONFIRM",
"url": "http://www.cuteftp.com/gsftps/history.asp"
},
{
"name": "20050501 Remote buffer overflow in GlobalScape Secure FTP server 3.0.2",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-04/0674.html"
}
]
}
}

140
2005/1xxx/CVE-2005-1827.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050526 DSL-504T (and maybe many other) remote access without password bug",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111722515805478&w=2"
},
{
"name" : "13679",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13679"
},
{
"name" : "15422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15422"
},
{
"name": "20050526 DSL-504T (and maybe many other) remote access without password bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111722515805478&w=2"
},
{
"name": "13679",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13679"
}
]
}
}

160
2005/1xxx/CVE-2005-1869.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.defacers.com.mx/advisories/4.txt",
"refsource" : "MISC",
"url" : "http://www.defacers.com.mx/advisories/4.txt"
},
{
"name" : "http://www.appindex.net",
"refsource" : "CONFIRM",
"url" : "http://www.appindex.net"
},
{
"name" : "17087",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17087"
},
{
"name" : "1014090",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/alerts/2005/Jun/1014090.html"
},
{
"name" : "15596",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in start_lobby.php in MWChat 6.x allows remote attackers to execute arbitrary PHP code via the CONFIG[MWCHAT_Libs] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.defacers.com.mx/advisories/4.txt",
"refsource": "MISC",
"url": "http://www.defacers.com.mx/advisories/4.txt"
},
{
"name": "17087",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17087"
},
{
"name": "1014090",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Jun/1014090.html"
},
{
"name": "http://www.appindex.net",
"refsource": "CONFIRM",
"url": "http://www.appindex.net"
},
{
"name": "15596",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15596"
}
]
}
}

34
2005/1xxx/CVE-2005-1926.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1926",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1926",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2009/0xxx/CVE-2009-0118.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0118",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0118",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2009/0xxx/CVE-2009-0272.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090130 PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500569/100/0/threaded"
},
{
"name" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21",
"refsource" : "MISC",
"url" : "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21"
},
{
"name" : "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319",
"refsource" : "CONFIRM",
"url" : "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319"
},
{
"name" : "33744",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33744"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Novell GroupWise WebAccess 6.5x, 7.0, 7.01, 7.02x, 7.03, 7.03HP1a, and 8.0 allows remote attackers to insert e-mail forwarding rules, and modify unspecified other configuration settings, as arbitrary users via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33744",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33744"
},
{
"name": "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319",
"refsource": "CONFIRM",
"url": "http://www.novell.com/support/search.do?usemicrosite=true&searchString=7002319"
},
{
"name": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21",
"refsource": "MISC",
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr08-21"
},
{
"name": "20090130 PR08-21: Cross-site Request Forgery (CSRF) on Novell GroupWise WebAccess allows email theft and other attacks",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500569/100/0/threaded"
}
]
}
}

490
2009/0xxx/CVE-2009-0774.json
View File

@ -1,247 +1,247 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0774",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0774",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-07.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=473709",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=473709"
},
{
"name" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm"
},
{
"name" : "DSA-1751",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1751"
},
{
"name" : "DSA-1830",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1830"
},
{
"name" : "FEDORA-2009-2882",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html"
},
{
"name" : "FEDORA-2009-2884",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html"
},
{
"name" : "FEDORA-2009-3101",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"name" : "MDVSA-2009:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075"
},
{
"name" : "MDVSA-2009:083",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083"
},
{
"name" : "RHSA-2009:0258",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0258.html"
},
{
"name" : "RHSA-2009:0315",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0315.html"
},
{
"name" : "RHSA-2009:0325",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0325.html"
},
{
"name" : "SSA:2009-083-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420"
},
{
"name" : "SSA:2009-083-03",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952"
},
{
"name" : "SUSE-SA:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html"
},
{
"name" : "SUSE-SA:2009:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html"
},
{
"name" : "USN-741-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/741-1/"
},
{
"name" : "33990",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33990"
},
{
"name" : "oval:org.mitre.oval:def:11138",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11138"
},
{
"name" : "oval:org.mitre.oval:def:5947",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5947"
},
{
"name" : "oval:org.mitre.oval:def:6057",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6057"
},
{
"name" : "oval:org.mitre.oval:def:6121",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6121"
},
{
"name" : "oval:org.mitre.oval:def:6945",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6945"
},
{
"name" : "1021795",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021795"
},
{
"name" : "34145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34145"
},
{
"name" : "34272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34272"
},
{
"name" : "34387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34387"
},
{
"name" : "34383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34383"
},
{
"name" : "34324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34324"
},
{
"name" : "34417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34417"
},
{
"name" : "34462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34462"
},
{
"name" : "34464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34464"
},
{
"name" : "34527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34527"
},
{
"name" : "34137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34137"
},
{
"name" : "34140",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34140"
},
{
"name" : "ADV-2009-0632",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey 1.1.15 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to gczeal, a different vulnerability than CVE-2009-0773."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:0315",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0315.html"
},
{
"name": "oval:org.mitre.oval:def:11138",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11138"
},
{
"name": "SUSE-SA:2009:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html"
},
{
"name": "SUSE-SA:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html"
},
{
"name": "DSA-1830",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1830"
},
{
"name": "ADV-2009-0632",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0632"
},
{
"name": "FEDORA-2009-3101",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"name": "DSA-1751",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1751"
},
{
"name": "SSA:2009-083-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420"
},
{
"name": "RHSA-2009:0325",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0325.html"
},
{
"name": "oval:org.mitre.oval:def:5947",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5947"
},
{
"name": "RHSA-2009:0258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0258.html"
},
{
"name": "34140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34140"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-07.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-07.html"
},
{
"name": "MDVSA-2009:083",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083"
},
{
"name": "34464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34464"
},
{
"name": "34272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34272"
},
{
"name": "34417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34417"
},
{
"name": "34527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34527"
},
{
"name": "34145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34145"
},
{
"name": "FEDORA-2009-2882",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html"
},
{
"name": "FEDORA-2009-2884",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=473709",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=473709"
},
{
"name": "SSA:2009-083-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952"
},
{
"name": "34137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34137"
},
{
"name": "34462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34462"
},
{
"name": "oval:org.mitre.oval:def:6945",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6945"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm"
},
{
"name": "1021795",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021795"
},
{
"name": "USN-741-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/741-1/"
},
{
"name": "oval:org.mitre.oval:def:6057",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6057"
},
{
"name": "34324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34324"
},
{
"name": "MDVSA-2009:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075"
},
{
"name": "33990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33990"
},
{
"name": "34383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34383"
},
{
"name": "34387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34387"
},
{
"name": "oval:org.mitre.oval:def:6121",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6121"
},
{
"name": "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document"
}
]
}
}

190
2009/0xxx/CVE-2009-0940.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0940",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090316 HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"name" : "http://www.louhinetworks.fi/advisory/HP_20090317.txt",
"refsource" : "MISC",
"url" : "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"name" : "HPSN-2009-001",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name" : "34143",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34143"
},
{
"name" : "52847",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52847"
},
{
"name" : "52848",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52848"
},
{
"name" : "52849",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52849"
},
{
"name" : "ADV-2009-0754",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0754"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0754",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0754"
},
{
"name": "HPSN-2009-001",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01684566"
},
{
"name": "52848",
"refsource": "OSVDB",
"url": "http://osvdb.org/52848"
},
{
"name": "34143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34143"
},
{
"name": "52849",
"refsource": "OSVDB",
"url": "http://osvdb.org/52849"
},
{
"name": "20090316 HP Laserjet multiple models web management CSRF vulnerability & insecure default configuration",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501884/100/0/threaded"
},
{
"name": "http://www.louhinetworks.fi/advisory/HP_20090317.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/HP_20090317.txt"
},
{
"name": "52847",
"refsource": "OSVDB",
"url": "http://osvdb.org/52847"
}
]
}
}

490
2009/1xxx/CVE-2009-1307.json
View File

@ -1,247 +1,247 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=481342",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=481342"
},
{
"name" : "DSA-1797",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1797"
},
{
"name" : "DSA-1830",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1830"
},
{
"name" : "FEDORA-2009-3875",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
},
{
"name" : "FEDORA-2009-7567",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
},
{
"name" : "FEDORA-2009-7614",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
},
{
"name" : "MDVSA-2009:111",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
},
{
"name" : "MDVSA-2009:141",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
},
{
"name" : "RHSA-2009:0436",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
},
{
"name" : "RHSA-2009:0437",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
},
{
"name" : "RHSA-2009:1125",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
},
{
"name" : "RHSA-2009:1126",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
},
{
"name" : "SSA:2009-176-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408"
},
{
"name" : "SSA:2009-178-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275"
},
{
"name" : "264308",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "USN-764-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/764-1/"
},
{
"name" : "USN-782-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-782-1"
},
{
"name" : "34656",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34656"
},
{
"name" : "oval:org.mitre.oval:def:10972",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972"
},
{
"name" : "oval:org.mitre.oval:def:5933",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933"
},
{
"name" : "oval:org.mitre.oval:def:6154",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154"
},
{
"name" : "oval:org.mitre.oval:def:6266",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266"
},
{
"name" : "oval:org.mitre.oval:def:7008",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008"
},
{
"name" : "1022093",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022093"
},
{
"name" : "34758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34758"
},
{
"name" : "34894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34894"
},
{
"name" : "34843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34843"
},
{
"name" : "34844",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34844"
},
{
"name" : "34780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34780"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
},
{
"name" : "35042",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35042"
},
{
"name" : "35536",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35536"
},
{
"name" : "35561",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35561"
},
{
"name" : "35602",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35602"
},
{
"name" : "35882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35882"
},
{
"name" : "ADV-2009-1125",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The view-source: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not properly implement the Same Origin Policy, which allows remote attackers to (1) bypass crossdomain.xml restrictions and connect to arbitrary web sites via a Flash file; (2) read, create, or modify Local Shared Objects via a Flash file; or (3) bypass unspecified restrictions and render content via vectors involving a jar: URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-17.html"
},
{
"name": "MDVSA-2009:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
},
{
"name": "FEDORA-2009-3875",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
},
{
"name": "oval:org.mitre.oval:def:6154",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6154"
},
{
"name": "34894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34894"
},
{
"name": "ADV-2009-1125",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1125"
},
{
"name": "SSA:2009-178-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275"
},
{
"name": "DSA-1830",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1830"
},
{
"name": "34758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34758"
},
{
"name": "35536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35536"
},
{
"name": "oval:org.mitre.oval:def:10972",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10972"
},
{
"name": "oval:org.mitre.oval:def:7008",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7008"
},
{
"name": "35602",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35602"
},
{
"name": "RHSA-2009:1125",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
},
{
"name": "FEDORA-2009-7614",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
},
{
"name": "34844",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34844"
},
{
"name": "USN-782-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-782-1"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "1022093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022093"
},
{
"name": "FEDORA-2009-7567",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
},
{
"name": "35882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35882"
},
{
"name": "oval:org.mitre.oval:def:6266",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6266"
},
{
"name": "USN-764-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/764-1/"
},
{
"name": "MDVSA-2009:141",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "oval:org.mitre.oval:def:5933",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5933"
},
{
"name": "35042",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35042"
},
{
"name": "34656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34656"
},
{
"name": "34843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34843"
},
{
"name": "DSA-1797",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1797"
},
{
"name": "35561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35561"
},
{
"name": "SSA:2009-176-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408"
},
{
"name": "RHSA-2009:0437",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
},
{
"name": "RHSA-2009:0436",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
},
{
"name": "RHSA-2009:1126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
},
{
"name": "34780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34780"
},
{
"name": "264308",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481342"
}
]
}
}

150
2009/1xxx/CVE-2009-1329.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1329",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1329",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8426",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8426"
},
{
"name" : "8405",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8405/"
},
{
"name" : "34494",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34494"
},
{
"name" : "34719",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34719"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34719"
},
{
"name": "8405",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8405/"
},
{
"name": "34494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34494"
},
{
"name": "8426",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8426"
}
]
}
}

150
2009/1xxx/CVE-2009-1750.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8730",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8730"
},
{
"name" : "35024",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35024"
},
{
"name" : "54611",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54611"
},
{
"name" : "vidshare-unspecified-file-upload(50625)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in VidSharePro allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vidshare-unspecified-file-upload(50625)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50625"
},
{
"name": "35024",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35024"
},
{
"name": "8730",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8730"
},
{
"name": "54611",
"refsource": "OSVDB",
"url": "http://osvdb.org/54611"
}
]
}
}

260
2009/1xxx/CVE-2009-1788.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://trapkit.de/advisories/TKADV2009-006.txt",
"refsource" : "MISC",
"url" : "http://trapkit.de/advisories/TKADV2009-006.txt"
},
{
"name" : "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/",
"refsource" : "CONFIRM",
"url" : "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
},
{
"name" : "http://www.mega-nerd.com/libsndfile/",
"refsource" : "CONFIRM",
"url" : "http://www.mega-nerd.com/libsndfile/"
},
{
"name" : "DSA-1814",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1814"
},
{
"name" : "GLSA-200905-09",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200905-09.xml"
},
{
"name" : "MDVSA-2009:132",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
},
{
"name" : "34978",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34978"
},
{
"name" : "35076",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35076"
},
{
"name" : "35126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35126"
},
{
"name" : "35247",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35247"
},
{
"name" : "35443",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35443"
},
{
"name" : "ADV-2009-1324",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1324"
},
{
"name" : "ADV-2009-1348",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1348"
},
{
"name" : "libsndfile-aiff-voc-bo(50541)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
},
{
"name" : "libsndfile-voc-bo(50827)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2009:132",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:132"
},
{
"name": "http://trapkit.de/advisories/TKADV2009-006.txt",
"refsource": "MISC",
"url": "http://trapkit.de/advisories/TKADV2009-006.txt"
},
{
"name": "ADV-2009-1348",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1348"
},
{
"name": "http://www.mega-nerd.com/libsndfile/",
"refsource": "CONFIRM",
"url": "http://www.mega-nerd.com/libsndfile/"
},
{
"name": "ADV-2009-1324",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1324"
},
{
"name": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/",
"refsource": "CONFIRM",
"url": "http://www.mega-nerd.com/erikd/Blog/CodeHacking/libsndfile/"
},
{
"name": "libsndfile-voc-bo(50827)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50827"
},
{
"name": "35247",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35247"
},
{
"name": "DSA-1814",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1814"
},
{
"name": "libsndfile-aiff-voc-bo(50541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50541"
},
{
"name": "35076",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35076"
},
{
"name": "GLSA-200905-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-09.xml"
},
{
"name": "35126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35126"
},
{
"name": "34978",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34978"
},
{
"name": "35443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35443"
}
]
}
}

140
2009/1xxx/CVE-2009-1920.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka \"JScript Remote Code Execution Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-045",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-045"
},
{
"name" : "TA09-251A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
},
{
"name" : "oval:org.mitre.oval:def:6316",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka \"JScript Remote Code Execution Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS09-045",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-045"
},
{
"name": "TA09-251A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-251A.html"
},
{
"name": "oval:org.mitre.oval:def:6316",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6316"
}
]
}
}

120
2009/4xxx/CVE-2009-4163.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the TW Productfinder (tw_productfinder) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-017/"
}
]
}
}

170
2009/4xxx/CVE-2009-4441.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1"
},
{
"name" : "270789",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1"
},
{
"name" : "37481",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37481"
},
{
"name" : "1023389",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023389"
},
{
"name" : "37915",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37915"
},
{
"name" : "ADV-2009-3647",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3647"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3647",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3647"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1"
},
{
"name": "37481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37481"
},
{
"name": "1023389",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023389"
},
{
"name": "270789",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1"
},
{
"name": "37915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37915"
}
]
}
}

150
2009/5xxx/CVE-2009-5003.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9387",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9387"
},
{
"name" : "http://packetstormsecurity.org/0907-exploits/bes-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/bes-sql.txt"
},
{
"name" : "43287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/43287"
},
{
"name" : "bes-click-sql-injection(52328)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52328"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in click.php in e-soft24 Banner Exchange Script 1.0 allows remote attackers to execute arbitrary SQL commands via the targetid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0907-exploits/bes-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/bes-sql.txt"
},
{
"name": "9387",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9387"
},
{
"name": "43287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/43287"
},
{
"name": "bes-click-sql-injection(52328)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52328"
}
]
}
}

34
2012/2xxx/CVE-2012-2509.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2509",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2509",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/2xxx/CVE-2012-2560.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2560",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf"
},
{
"name" : "http://www.wellintech.com/index.php/news/33-patch-for-kingview653",
"refsource" : "CONFIRM",
"url" : "http://www.wellintech.com/index.php/news/33-patch-for-kingview653"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in WellinTech KingView 6.53 allows remote attackers to read arbitrary files via a crafted HTTP request to port 8001."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-185-01.pdf"
},
{
"name": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653",
"refsource": "CONFIRM",
"url": "http://www.wellintech.com/index.php/news/33-patch-for-kingview653"
}
]
}
}

170
2012/2xxx/CVE-2012-2681.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2681",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558",
"refsource" : "MISC",
"url" : "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558"
},
{
"name" : "RHSA-2012:1278",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name" : "RHSA-2012:1281",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name" : "55618",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55618"
},
{
"name" : "50660",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50660"
},
{
"name" : "cumin-redhat-weak-security(78771)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558",
"refsource": "MISC",
"url": "http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=827558"
},
{
"name": "55618",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55618"
},
{
"name": "cumin-redhat-weak-security(78771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78771"
},
{
"name": "RHSA-2012:1278",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1278.html"
},
{
"name": "RHSA-2012:1281",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1281.html"
},
{
"name": "50660",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50660"
}
]
}
}

210
2012/2xxx/CVE-2012-2784.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to \"width/height changing in CAVS,\" a different vulnerability than CVE-2012-2777."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3"
},
{
"name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4"
},
{
"name" : "http://ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://ffmpeg.org/security.html"
},
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45"
},
{
"name" : "http://libav.org/releases/libav-0.7.7.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.7.7.changelog"
},
{
"name" : "http://libav.org/releases/libav-0.8.4.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.8.4.changelog"
},
{
"name" : "MDVSA-2013:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name" : "55355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55355"
},
{
"name" : "50468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50468"
},
{
"name" : "51257",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the decode_pic function in libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to \"width/height changing in CAVS,\" a different vulnerability than CVE-2012-2777."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/4"
},
{
"name": "http://libav.org/releases/libav-0.8.4.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.8.4.changelog"
},
{
"name": "55355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55355"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=25715064c2ef4978672a91f8c856f3e8809a7c45"
},
{
"name": "MDVSA-2013:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/3"
},
{
"name": "http://ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/security.html"
},
{
"name": "http://libav.org/releases/libav-0.7.7.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.7.7.changelog"
},
{
"name": "50468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50468"
},
{
"name": "51257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51257"
}
]
}
}

200
2012/2xxx/CVE-2012-2787.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the \"setup width/height.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3"
},
{
"name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4"
},
{
"name" : "http://ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://ffmpeg.org/security.html"
},
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920"
},
{
"name" : "http://libav.org/releases/libav-0.8.4.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.8.4.changelog"
},
{
"name" : "MDVSA-2013:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name" : "55355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55355"
},
{
"name" : "50468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50468"
},
{
"name" : "51257",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the decode_frame function in libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4 has unknown impact and attack vectors, related to the \"setup width/height.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/4"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=01bf2ad7351fdaa2e21b6bdf963d22d6ffccb920"
},
{
"name": "http://libav.org/releases/libav-0.8.4.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.8.4.changelog"
},
{
"name": "55355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55355"
},
{
"name": "MDVSA-2013:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/3"
},
{
"name": "http://ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/security.html"
},
{
"name": "50468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50468"
},
{
"name": "51257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51257"
}
]
}
}

140
2012/2xxx/CVE-2012-2941.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2941",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/112945/Yandex.Server-2010-9.0-Enterprise-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112945/Yandex.Server-2010-9.0-Enterprise-Cross-Site-Scripting.html"
},
{
"name" : "53622",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53622"
},
{
"name" : "yandexserver-text-xss(75788)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75788"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server 2010 9.0 Enterprise allows remote attackers to inject arbitrary web script or HTML via the text parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/112945/Yandex.Server-2010-9.0-Enterprise-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112945/Yandex.Server-2010-9.0-Enterprise-Cross-Site-Scripting.html"
},
{
"name": "53622",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53622"
},
{
"name": "yandexserver-text-xss(75788)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75788"
}
]
}
}

120
2012/3xxx/CVE-2012-3074.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3074",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An unspecified API on Cisco TelePresence Immersive Endpoint Devices before 1.9.1 allows remote attackers to execute arbitrary commands by leveraging certain adjacency and sending a malformed request on TCP port 61460, aka Bug ID CSCtz38382."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120711 Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts"
}
]
}
}

130
2012/3xxx/CVE-2012-3172.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Apps - Multi-channel Technologies."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Apps - Multi-channel Technologies."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/3xxx/CVE-2012-3295.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3295",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21595523",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21595523"
},
{
"name" : "PM56593",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PM56593"
},
{
"name" : "wmq-svrconn-security-bypass(77279)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77279"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote attackers to bypass the security-configuration setup step and obtain queue-manager access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21595523",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21595523"
},
{
"name": "PM56593",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM56593"
},
{
"name": "wmq-svrconn-security-bypass(77279)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77279"
}
]
}
}

34
2012/3xxx/CVE-2012-3415.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3415",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2401. Reason: This candidate is a duplicate of CVE-2012-2401. Notes: All CVE users should reference CVE-2012-2401 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-3415",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-2401. Reason: This candidate is a duplicate of CVE-2012-2401. Notes: All CVE users should reference CVE-2012-2401 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

190
2012/3xxx/CVE-2012-3517.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120821 Re: CVE Request -- Tor 0.2.2.38: Three issues",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/08/21/6"
},
{
"name" : "[tor-announce] 20120819 Tor 0.2.2.38 is released",
"refsource" : "MLIST",
"url" : "https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=849949",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=849949"
},
{
"name" : "https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c",
"refsource" : "CONFIRM",
"url" : "https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c"
},
{
"name" : "https://trac.torproject.org/projects/tor/ticket/6480",
"refsource" : "CONFIRM",
"url" : "https://trac.torproject.org/projects/tor/ticket/6480"
},
{
"name" : "FEDORA-2012-14638",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html"
},
{
"name" : "GLSA-201301-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201301-03.xml"
},
{
"name" : "openSUSE-SU-2012:1068",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might allow remote attackers to cause a denial of service (daemon crash) via vectors related to failed DNS requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201301-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201301-03.xml"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=849949",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849949"
},
{
"name": "[tor-announce] 20120819 Tor 0.2.2.38 is released",
"refsource": "MLIST",
"url": "https://lists.torproject.org/pipermail/tor-announce/2012-August/000086.html"
},
{
"name": "https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c",
"refsource": "CONFIRM",
"url": "https://gitweb.torproject.org/tor.git/commit/62637fa22405278758febb1743da9af562524d4c"
},
{
"name": "[oss-security] 20120821 Re: CVE Request -- Tor 0.2.2.38: Three issues",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/21/6"
},
{
"name": "openSUSE-SU-2012:1068",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00048.html"
},
{
"name": "https://trac.torproject.org/projects/tor/ticket/6480",
"refsource": "CONFIRM",
"url": "https://trac.torproject.org/projects/tor/ticket/6480"
},
{
"name": "FEDORA-2012-14638",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/088006.html"
}
]
}
}

140
2012/3xxx/CVE-2012-3731.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3731",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3731",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name" : "85643",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85643"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mail in Apple iOS before 6 does not properly implement the Data Protection feature for e-mail attachments, which allows physically proximate attackers to bypass an intended passcode requirement via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "85643",
"refsource": "OSVDB",
"url": "http://osvdb.org/85643"
}
]
}
}

150
2012/4xxx/CVE-2012-4145.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a \"low severity issue.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/mac/1166/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1166/"
},
{
"name" : "http://www.opera.com/docs/changelogs/mac/1201/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1201/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1201/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1201/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1201/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1201/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact and attack vectors, related to a \"low severity issue.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/docs/changelogs/mac/1166/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1166/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1201/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1201/"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1201/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1201/"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1201/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1201/"
}
]
}
}

34
2012/6xxx/CVE-2012-6070.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6070",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6070",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/6xxx/CVE-2012-6296.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6296",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6296",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/6xxx/CVE-2012-6492.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6492",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6492",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2012/6xxx/CVE-2012-6615.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6615",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6615",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=20c121c00747d6c3b0b0f98deeff021171b2ed74",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=20c121c00747d6c3b0b0f98deeff021171b2ed74"
},
{
"name" : "http://www.ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://www.ffmpeg.org/security.html"
},
{
"name" : "https://trac.ffmpeg.org/ticket/2048",
"refsource" : "CONFIRM",
"url" : "https://trac.ffmpeg.org/ticket/2048"
},
{
"name" : "89592",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/89592"
},
{
"name" : "51964",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51964"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ff_ass_split_override_codes function in libavcodec/ass_split.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a subtitle dialog without text."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=20c121c00747d6c3b0b0f98deeff021171b2ed74",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=20c121c00747d6c3b0b0f98deeff021171b2ed74"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "https://trac.ffmpeg.org/ticket/2048",
"refsource": "CONFIRM",
"url": "https://trac.ffmpeg.org/ticket/2048"
},
{
"name": "89592",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/89592"
},
{
"name": "51964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51964"
}
]
}
}

34
2015/5xxx/CVE-2015-5197.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5197",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5197",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

140
2015/5xxx/CVE-2015-5662.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#25576608",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN25576608/index.html"
},
{
"name" : "JVNDB-2015-000160",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000160"
},
{
"name" : "1033860",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033860"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Avast before 150918-0 allows remote attackers to delete or write to arbitrary files via a crafted entry in a ZIP archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000160",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000160"
},
{
"name": "1033860",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033860"
},
{
"name": "JVN#25576608",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN25576608/index.html"
}
]
}
}

170
2015/5xxx/CVE-2015-5798.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205221"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "76765",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76765"
},
{
"name" : "1033617",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033617"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors related to iTunes Store browsing, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205221"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "76765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76765"
},
{
"name": "1033617",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033617"
}
]
}
}

130
2017/2xxx/CVE-2017-2537.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"WindowServer\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207797",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207797"
},
{
"name" : "1038484",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"WindowServer\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
}

196
2018/11xxx/CVE-2018-11081.json
View File

@ -1,100 +1,100 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-09-27T07:00:00.000Z",
"ID" : "CVE-2018-11081",
"STATE" : "PUBLIC",
"TITLE" : "Pivotal Operations Manager UAA config - temp Ram Disk"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pivotal-ops-manager",
"version" : {
"version_data" : [
{
"affected" : "<=",
"version_name" : "1.11.x",
"version_value" : "2"
},
{
"affected" : "<",
"version_name" : "2.0.x",
"version_value" : "2.0.16"
},
{
"affected" : "<",
"version_name" : "2.1.x",
"version_value" : "2.1.11"
},
{
"affected" : "<",
"version_name" : "2.2.x",
"version_value" : "2.2.1"
}
]
}
}
]
},
"vendor_name" : "Pivotal"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "ADJACENT_NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.9,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cleartext Storage in a File or on Disk"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-09-27T07:00:00.000Z",
"ID": "CVE-2018-11081",
"STATE": "PUBLIC",
"TITLE": "Pivotal Operations Manager UAA config - temp Ram Disk"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pivotal-ops-manager",
"version": {
"version_data": [
{
"affected": "<=",
"version_name": "1.11.x",
"version_value": "2"
},
{
"affected": "<",
"version_name": "2.0.x",
"version_value": "2.0.16"
},
{
"affected": "<",
"version_name": "2.1.x",
"version_value": "2.1.11"
},
{
"affected": "<",
"version_name": "2.2.x",
"version_value": "2.2.1"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2018-11081",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-11081"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Operations Manager, versions 2.2.x prior to 2.2.1, 2.1.x prior to 2.1.11, 2.0.x prior to 2.0.16, and 1.11.x prior to 2, fails to write the Operations Manager UAA config onto the temp RAM disk, thus exposing the configs directly onto disk. A remote user that has gained access to the Operations Manager VM, can now file search and find the UAA credentials for Operations Manager on the system disk.."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cleartext Storage in a File or on Disk"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2018-11081",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-11081"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

120
2018/11xxx/CVE-2018-11129.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11129",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11129",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180516 vcftools 0.1.15 vuln bugs",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/43"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The header::add_INFO_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180516 vcftools 0.1.15 vuln bugs",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/43"
}
]
}
}

34
2018/11xxx/CVE-2018-11513.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11513",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11513",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/11xxx/CVE-2018-11788.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2018-11788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Karaf",
"version" : {
"version_data" : [
{
"version_value" : "Any Apache Karaf version prior to 4.1.7 and 4.2.2"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Karaf provides a features deployer, which allows users to \"hot deploy\" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a potential security risk as an user can inject external XML entities in Apache Karaf version prior to 4.1.7 or 4.2.2. It has been fixed in Apache Karaf 4.1.7 and 4.2.2 releases."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XXE vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Karaf",
"version": {
"version_data": [
{
"version_value": "Any Apache Karaf version prior to 4.1.7 and 4.2.2"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://karaf.apache.org/security/cve-2018-11788.txt",
"refsource" : "MISC",
"url" : "http://karaf.apache.org/security/cve-2018-11788.txt"
},
{
"name" : "106479",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106479"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Karaf provides a features deployer, which allows users to \"hot deploy\" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by XMLInputFactory class. Apache Karaf XMLInputFactory class doesn't contain any mitigation codes against XXE. This is a potential security risk as an user can inject external XML entities in Apache Karaf version prior to 4.1.7 or 4.2.2. It has been fixed in Apache Karaf 4.1.7 and 4.2.2 releases."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://karaf.apache.org/security/cve-2018-11788.txt",
"refsource": "MISC",
"url": "http://karaf.apache.org/security/cve-2018-11788.txt"
},
{
"name": "106479",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106479"
}
]
}
}

120
2018/11xxx/CVE-2018-11855.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11855",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Potential Buffer Overflow in OCE Code"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11855",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "If an end user makes use of SCP11 sample OCE code without modification it could lead to a buffer overflow when transmitting a CAPDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT and Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 8CX, SDA660, SDM630, SDM660."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Potential Buffer Overflow in OCE Code"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

34
2018/11xxx/CVE-2018-11923.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11923",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11923",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14093.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14093",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14093",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14815.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"ID" : "CVE-2018-14815",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2018-14815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name" : "105341",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105341"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Fuji Electric V-Server 4.0.3.0 and prior, Several out-of-bounds write vulnerabilities have been identified, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-254-01"
},
{
"name": "105341",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105341"
}
]
}
}

34
2018/15xxx/CVE-2018-15264.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15264",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15264",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

148
2018/15xxx/CVE-2018-15314.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "f5sirt@f5.com",
"DATE_PUBLIC" : "2018-10-18T00:00:00",
"ID" : "CVE-2018-15314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "BIG-IP AFM",
"version" : {
"version_data" : [
{
"version_value" : "13.0.0-13.1.1.1"
},
{
"version_value" : "12.1.0-12.1.3.6"
}
]
}
}
]
},
"vendor_name" : "F5 Networks, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XSS"
}
"CVE_data_meta": {
"ASSIGNER": "f5sirt@f5.com",
"DATE_PUBLIC": "2018-10-18T00:00:00",
"ID": "CVE-2018-15314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "BIG-IP AFM",
"version": {
"version_data": [
{
"version_value": "13.0.0-13.1.1.1"
},
{
"version_value": "12.1.0-12.1.3.6"
}
]
}
}
]
},
"vendor_name": "F5 Networks, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.f5.com/csp/article/K04524282",
"refsource" : "CONFIRM",
"url" : "https://support.f5.com/csp/article/K04524282"
},
{
"name" : "105733",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105733"
},
{
"name" : "1041933",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041933"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On F5 BIG-IP AFM 13.0.0-13.1.1.1 and 12.1.0-12.1.3.6, there is a Reflected Cross Site Scripting vulnerability in undisclosed TMUI page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XSS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041933",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041933"
},
{
"name": "https://support.f5.com/csp/article/K04524282",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K04524282"
},
{
"name": "105733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105733"
}
]
}
}

150
2018/15xxx/CVE-2018-15727.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15727",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/",
"refsource" : "CONFIRM",
"url" : "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/"
},
{
"name" : "RHSA-2018:3829",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"name" : "RHSA-2019:0019",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"name" : "105184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid \"remember me\" cookie knowing only a username of an LDAP or OAuth user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105184"
},
{
"name": "RHSA-2019:0019",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0019"
},
{
"name": "RHSA-2018:3829",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3829"
},
{
"name": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/",
"refsource": "CONFIRM",
"url": "https://grafana.com/blog/2018/08/29/grafana-5.2.3-and-4.6.4-released-with-important-security-fix/"
}
]
}
}

34
2018/15xxx/CVE-2018-15737.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15737",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15737",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8035.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8035",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8035",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8047.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8047",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8047",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2018/8xxx/CVE-2018-8716.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180424 SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/541954/100/0/threaded"
},
{
"name" : "44531",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44531/"
},
{
"name" : "20180424 SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Apr/45"
},
{
"name" : "http://packetstormsecurity.com/files/147330/WSO2-Identity-Server-5.3.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/147330/WSO2-Identity-Server-5.3.0-Cross-Site-Scripting.html"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/multiple-stored-xss-vulnerabilities-in-wso2-carbon-and-dashboard-server/index.html",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/multiple-stored-xss-vulnerabilities-in-wso2-carbon-and-dashboard-server/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/en/blog/advisories/multiple-stored-xss-vulnerabilities-in-wso2-carbon-and-dashboard-server/index.html",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/multiple-stored-xss-vulnerabilities-in-wso2-carbon-and-dashboard-server/index.html"
},
{
"name": "20180424 SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Apr/45"
},
{
"name": "http://packetstormsecurity.com/files/147330/WSO2-Identity-Server-5.3.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/147330/WSO2-Identity-Server-5.3.0-Cross-Site-Scripting.html"
},
{
"name": "44531",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44531/"
},
{
"name": "20180424 SEC Consult SA-20180423-0 :: Multiple Stored XSS Vulnerabilities in WSO2 Carbon and Dashboard Server",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541954/100/0/threaded"
}
]
}
}

120
2018/8xxx/CVE-2018-8906.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/xuheunbaicai/cangku/blob/master/cve/dsmall_v20180320_bug.md",
"refsource" : "MISC",
"url" : "https://github.com/xuheunbaicai/cangku/blob/master/cve/dsmall_v20180320_bug.md"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dsmall v20180320 has XSS via a crafted street address to public/index.php/home/memberaddress/index.html, which is mishandled at public/index.php/home/memberaddress/edit/address_id/2.html."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xuheunbaicai/cangku/blob/master/cve/dsmall_v20180320_bug.md",
"refsource": "MISC",
"url": "https://github.com/xuheunbaicai/cangku/blob/master/cve/dsmall_v20180320_bug.md"
}
]
}
}