admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:44:18 +00:00
parent fa6368ee54
commit 3ee4e8135d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3347 additions and 3347 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/2xxx/CVE-2002-2372.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2372", "ID": "CVE-2002-2372",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20021025 IBM Infoprint Remote Management Simple DoS", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-10/0364.html" "lang": "eng",
}, "value": "The telnet server in Infoprint 21 running controller software before 1.056007 allows remote attackers to cause a denial of service (crash) via a long username, possibly due to a buffer overflow."
{ }
"name" : "6047", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/6047" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ibm-infoprint-telnet-dos(10474)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/10474.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "6047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6047"
},
{
"name": "ibm-infoprint-telnet-dos(10474)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10474.php"
},
{
"name": "20021025 IBM Infoprint Remote Management Simple DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0364.html"
}
]
}
}

150
2005/0xxx/CVE-2005-0381.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0381", "ID": "CVE-2005-0381",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 allows remote attackers to inject arbitrary web script or HTML via the members parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050113 XSS Vulnerability in ForumKIT", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110563769413994&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 allows remote attackers to inject arbitrary web script or HTML via the members parameter."
{ }
"name" : "12256", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/12256" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1012895", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1012895" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "forumkit-members-xss(18880)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18880" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20050113 XSS Vulnerability in ForumKIT",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110563769413994&w=2"
},
{
"name": "12256",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12256"
},
{
"name": "1012895",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012895"
},
{
"name": "forumkit-members-xss(18880)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18880"
}
]
}
}

200
2005/1xxx/CVE-2005-1409.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-1409", "ID": "CVE-2005-1409",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the \"Character conversion vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.postgresql.org/about/news.315", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.postgresql.org/about/news.315" "lang": "eng",
}, "value": "PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the \"Character conversion vulnerability.\""
{ }
"name" : "[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found", ]
"refsource" : "MLIST", },
"url" : "http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FLSA-2006:157366", "description": [
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/426302/30/6680/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2005:433", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2005-433.html" ]
}, },
{ "references": {
"name" : "SUSE-SA:2005:036", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html" "name": "oval:org.mitre.oval:def:676",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A676"
"name" : "13476", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13476" "name": "RHSA-2005:433",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-433.html"
"name" : "oval:org.mitre.oval:def:10050", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10050" "name": "FLSA-2006:157366",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/426302/30/6680/threaded"
"name" : "ADV-2005-0453", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/0453" "name": "ADV-2005-0453",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/0453"
"name" : "oval:org.mitre.oval:def:676", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A676" "name": "13476",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/13476"
} },
} {
"name": "[pgsql-announce] 20050502 IMPORTANT: two new PostgreSQL security problems found",
"refsource": "MLIST",
"url": "http://archives.postgresql.org/pgsql-announce/2005-05/msg00001.php"
},
{
"name": "http://www.postgresql.org/about/news.315",
"refsource": "CONFIRM",
"url": "http://www.postgresql.org/about/news.315"
},
{
"name": "oval:org.mitre.oval:def:10050",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10050"
},
{
"name": "SUSE-SA:2005:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
}
]
}
}

160
2005/1xxx/CVE-2005-1593.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1593", "ID": "CVE-2005-1593",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
{ }
"name" : "13560", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/13560" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16155", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16155" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15251", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/15251" ]
}, },
{ "references": {
"name" : "1013924", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013924" "name": "16155",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/16155"
} },
} {
"name": "15251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15251"
},
{
"name": "1013924",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013924"
},
{
"name": "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html"
},
{
"name": "13560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13560"
}
]
}
}

160
2005/1xxx/CVE-2005-1594.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1594", "ID": "CVE-2005-1594",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html" "lang": "eng",
}, "value": "SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "13560", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/13560" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16156", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16156" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15251", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/15251" ]
}, },
{ "references": {
"name" : "1013924", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013924" "name": "16156",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/16156"
} },
} {
"name": "15251",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15251"
},
{
"name": "1013924",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013924"
},
{
"name": "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html"
},
{
"name": "13560",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13560"
}
]
}
}

130
2005/1xxx/CVE-2005-1658.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1658", "ID": "CVE-2005-1658",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a \"...\" (triple dot)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "15274", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15274" "lang": "eng",
}, "value": "Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 allows remote attackers to list the parent directory of the web root via a URL with a \"...\" (triple dot)."
{ }
"name" : "http://cvs.sourceforge.net/viewcvs.py/myserverweb/myserverweb/source/filemanager.cpp?rev=1.116&view=log", ]
"refsource" : "CONFIRM", },
"url" : "http://cvs.sourceforge.net/viewcvs.py/myserverweb/myserverweb/source/filemanager.cpp?rev=1.116&view=log" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15274",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15274"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/myserverweb/myserverweb/source/filemanager.cpp?rev=1.116&view=log",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/myserverweb/myserverweb/source/filemanager.cpp?rev=1.116&view=log"
}
]
}
}

180
2005/3xxx/CVE-2005-3971.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3971", "ID": "CVE-2005-3971",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.citrix.com/article/CTX108208", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.citrix.com/article/CTX108208" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the login form in Citrix MetaFrame Secure Access Manager 2.0 through 2.2 and NFuse Elite 1.0 allows remote attackers to inject arbitrary web script or HTML via the username field."
{ }
"name" : "15664", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15664" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2676", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2676" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015304", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015304" ]
}, },
{ "references": {
"name" : "1015305", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015305" "name": "1015305",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015305"
"name" : "17819", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17819" "name": "1015304",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015304"
"name" : "citrix-login-xss(23396)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23396" "name": "15664",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15664"
} },
} {
"name": "ADV-2005-2676",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2676"
},
{
"name": "http://support.citrix.com/article/CTX108208",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX108208"
},
{
"name": "citrix-login-xss(23396)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23396"
},
{
"name": "17819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17819"
}
]
}
}

170
2005/4xxx/CVE-2005-4152.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4152", "ID": "CVE-2005-4152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a PDA via a series of initialization, command, and reset packets sent to port 5492."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051207 Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/418963/100/0/threaded" "lang": "eng",
}, "value": "Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a PDA via a series of initialization, command, and reset packets sent to port 5492."
{ }
"name" : "http://www.airscanner.com/security/pocketcontroller.htm", ]
"refsource" : "MISC", },
"url" : "http://www.airscanner.com/security/pocketcontroller.htm" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15775", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15775/discuss" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-2821", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/2821" ]
}, },
{ "references": {
"name" : "17966", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17966/" "name": "17966",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17966/"
"name" : "243", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/243" "name": "http://www.airscanner.com/security/pocketcontroller.htm",
} "refsource": "MISC",
] "url": "http://www.airscanner.com/security/pocketcontroller.htm"
} },
} {
"name": "15775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15775/discuss"
},
{
"name": "243",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/243"
},
{
"name": "ADV-2005-2821",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2821"
},
{
"name": "20051207 Airscanner Mobile Security Advisory: Remote Hard Reset Data Wipe and DoS of Pocket Controller v5.0 (#AS05080401)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418963/100/0/threaded"
}
]
}
}

170
2005/4xxx/CVE-2005-4232.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4232", "ID": "CVE-2005-4232",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying \"The vulnerability is without any basis and did not actually work.\" CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html" "lang": "eng",
}, "value": "** DISPUTED ** SQL injection vulnerability in index.php in Jamit Job Board 2.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the vendor has disputed this issue, saying \"The vulnerability is without any basis and did not actually work.\" CVE has not verified either the vendor or researcher statements, but the original researcher is known to make frequent mistakes when reporting SQL injection."
{ }
"name" : "20060814 vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd)", ]
"refsource" : "VIM", },
"url" : "http://www.attrition.org/pipermail/vim/2006-August/000972.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15848", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15848" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2005-2879", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2005/2879" ]
}, },
{ "references": {
"name" : "21687", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21687" "name": "21687",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/21687"
"name" : "18007", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18007" "name": "15848",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15848"
} },
} {
"name": "18007",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18007"
},
{
"name": "ADV-2005-2879",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2879"
},
{
"name": "20060814 vendor dispute: 21687: Jamit Job Board index.php cat Variable SQL Injection (fwd)",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2006-August/000972.html"
},
{
"name": "http://pridels0.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/jamit-job-board-24x-sql-inj.html"
}
]
}
}

200
2009/0xxx/CVE-2009-0634.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2009-0634", "ID": "CVE-2009-0634",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337."
{ }
"name" : "20090325 Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34241", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34241" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:12043", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12043" ]
}, },
{ "references": {
"name" : "1021898", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1021898" "name": "oval:org.mitre.oval:def:12043",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12043"
"name" : "34438", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34438" "name": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml",
}, "refsource": "CONFIRM",
{ "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml"
"name" : "ADV-2009-0851", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0851" "name": "34438",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34438"
"name" : "ios-mobile-dos(49424)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49424" "name": "34241",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34241"
"name" : "ios-mobile-ha-dos(49585)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49585" "name": "1021898",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1021898"
} },
} {
"name": "20090325 Cisco IOS Software Mobile IP and Mobile IPv6 Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a9042f.shtml"
},
{
"name": "ios-mobile-ha-dos(49585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49585"
},
{
"name": "ios-mobile-dos(49424)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49424"
},
{
"name": "ADV-2009-0851",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0851"
}
]
}
}

150
2009/0xxx/CVE-2009-0645.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0645", "ID": "CVE-2009-0645",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "7976", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/7976" "lang": "eng",
}, "value": "Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445."
{ }
"name" : "http://www.jaws-project.com/blog/show/jaws-089-released", ]
"refsource" : "MISC", },
"url" : "http://www.jaws-project.com/blog/show/jaws-089-released" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33607", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33607" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "jaws-index-file-include(48476)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48476" ]
} },
] "references": {
} "reference_data": [
} {
"name": "33607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33607"
},
{
"name": "7976",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7976"
},
{
"name": "http://www.jaws-project.com/blog/show/jaws-089-released",
"refsource": "MISC",
"url": "http://www.jaws-project.com/blog/show/jaws-089-released"
},
{
"name": "jaws-index-file-include(48476)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48476"
}
]
}
}

160
2009/1xxx/CVE-2009-1203.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1203", "ID": "CVE-2009-1203",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/504516/100/0/threaded" "lang": "eng",
}, "value": "WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 does not properly distinguish its own login screen from the login screens it produces for third-party (1) FTP and (2) CIFS servers, which makes it easier for remote attackers to trick a user into sending WebVPN credentials to an arbitrary server via a URL associated with that server, aka Bug ID CSCsy80709."
{ }
"name" : "35475", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35475" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1022457", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022457" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35511", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/35511" ]
}, },
{ "references": {
"name" : "ADV-2009-1713", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1713" "name": "20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
} },
} {
"name": "1022457",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022457"
},
{
"name": "ADV-2009-1713",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1713"
},
{
"name": "35475",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35475"
},
{
"name": "35511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35511"
}
]
}
}

170
2009/1xxx/CVE-2009-1483.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1483", "ID": "CVE-2009-1483",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8481", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8481" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in upload-file.php in Adam Patterson Studio Lounge Address Book 2.5, as reachable from index2.php, allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in profiles/."
{ }
"name" : "34652", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34652" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53813", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/53813" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "34761", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/34761" ]
}, },
{ "references": {
"name" : "ADV-2009-1111", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1111" "name": "addressbook-uploadfile-file-upload(49972)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49972"
"name" : "addressbook-uploadfile-file-upload(49972)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49972" "name": "34652",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/34652"
} },
} {
"name": "8481",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8481"
},
{
"name": "34761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34761"
},
{
"name": "ADV-2009-1111",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1111"
},
{
"name": "53813",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/53813"
}
]
}
}

220
2009/1xxx/CVE-2009-1760.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1760", "ID": "CVE-2009-1760",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090608 Rasterbar libtorrent arbitrary file overwrite vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/504151/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file."
{ }
"name" : "http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/", ]
"refsource" : "MISC", },
"url" : "http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=686456", "description": [
"refsource" : "CONFIRM", {
"url" : "http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=686456" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "DSA-1815", ]
"refsource" : "DEBIAN", }
"url" : "http://www.debian.org/security/2009/dsa-1815" ]
}, },
{ "references": {
"name" : "GLSA-200907-14", "reference_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200907-14.xml" "name": "GLSA-200907-14",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200907-14.xml"
"name" : "MDVSA-2009:139", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:139" "name": "libtorrent-path-element-dir-traversal(51008)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51008"
"name" : "35262", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35262" "name": "MDVSA-2009:139",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:139"
"name" : "35277", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35277" "name": "35277",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35277"
"name" : "35848", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35848" "name": "35848",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35848"
"name" : "ADV-2009-1534", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1534" "name": "ADV-2009-1534",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1534"
"name" : "libtorrent-path-element-dir-traversal(51008)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51008" "name": "35262",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/35262"
} },
} {
"name": "http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/",
"refsource": "MISC",
"url": "http://census-labs.com/news/2009/06/08/libtorrent-rasterbar/"
},
{
"name": "DSA-1815",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1815"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=686456",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=79942&release_id=686456"
},
{
"name": "20090608 Rasterbar libtorrent arbitrary file overwrite vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504151/100/0/threaded"
}
]
}
}

160
2009/3xxx/CVE-2009-3222.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3222", "ID": "CVE-2009-3222",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0907-exploits/honesttraffic-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0907-exploits/honesttraffic-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in index.php in FreeWebScriptz Honest Traffic (FWSHT) 1.x allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
{ }
"name" : "https://security-shell.ws/showthread.php?t=38085", ]
"refsource" : "MISC", },
"url" : "https://security-shell.ws/showthread.php?t=38085" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "56036", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/56036" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35887", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/35887" ]
}, },
{ "references": {
"name" : "honest-traffic-index-xss(51821)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51821" "name": "honest-traffic-index-xss(51821)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51821"
} },
} {
"name": "https://security-shell.ws/showthread.php?t=38085",
"refsource": "MISC",
"url": "https://security-shell.ws/showthread.php?t=38085"
},
{
"name": "56036",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56036"
},
{
"name": "35887",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35887"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/honesttraffic-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/honesttraffic-xss.txt"
}
]
}
}

180
2009/4xxx/CVE-2009-4333.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4333", "ID": "CVE-2009-4333",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "description_data": [
"refsource" : "CONFIRM", {
"url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" "lang": "eng",
}, "value": "The Relational Data Services component in IBM DB2 9.5 before FP5 allows attackers to obtain the password argument from the SET ENCRYPTION PASSWORD statement via vectors involving the GET SNAPSHOT FOR DYNAMIC SQL command."
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", ]
"refsource" : "CONFIRM", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IZ38819", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819" ]
}, },
{ "references": {
"name" : "37332", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37332" "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
}, "refsource": "CONFIRM",
{ "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
"name" : "37759", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37759" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566"
"name" : "ADV-2009-3520", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3520" "name": "ADV-2009-3520",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2009/3520"
} },
} {
"name": "37332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37332"
},
{
"name": "IZ38819",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ38819"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902"
},
{
"name": "37759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37759"
}
]
}
}

140
2009/4xxx/CVE-2009-4784.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4784", "ID": "CVE-2009-4784",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0912-exploits/joomlajoaktree-sql.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0912-exploits/joomlajoaktree-sql.txt" "lang": "eng",
}, "value": "SQL injection vulnerability in the Joaktree (com_joaktree) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the treeId parameter to index.php."
{ }
"name" : "37178", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/37178" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37535", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37535" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "37178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37178"
},
{
"name": "http://packetstormsecurity.org/0912-exploits/joomlajoaktree-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/joomlajoaktree-sql.txt"
},
{
"name": "37535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37535"
}
]
}
}

190
2009/5xxx/CVE-2009-5028.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-5028", "ID": "CVE-2009-5028",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.59.8.28&r2=1.59.8.29&sortby=log", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.59.8.28&r2=1.59.8.29&sortby=log" "lang": "eng",
}, "value": "Stack-based buffer overflow in Namazu before 2.0.20 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted request containing an empty uri field."
{ }
"name" : "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.77.2.8&r2=1.77.2.9&sortby=log", ]
"refsource" : "CONFIRM", },
"url" : "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.77.2.8&r2=1.77.2.9&sortby=log" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.86&r2=1.87&sortby=log", "description": [
"refsource" : "CONFIRM", {
"url" : "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.86&r2=1.87&sortby=log" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.namazu.org/security.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.namazu.org/security.html" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=756341", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=756341" "name": "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.59.8.28&r2=1.59.8.29&sortby=log",
}, "refsource": "CONFIRM",
{ "url": "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.59.8.28&r2=1.59.8.29&sortby=log"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722" "name": "50772",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/50772"
"name" : "50772", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/50772" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=756341",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=756341"
} },
} {
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.77.2.8&r2=1.77.2.9&sortby=log",
"refsource": "CONFIRM",
"url": "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.77.2.8&r2=1.77.2.9&sortby=log"
},
{
"name": "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.86&r2=1.87&sortby=log",
"refsource": "CONFIRM",
"url": "http://cvs.namazu.org/namazu/src/result.c?sortdir=down&r1=1.86&r2=1.87&sortby=log"
},
{
"name": "http://www.namazu.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.namazu.org/security.html"
}
]
}
}

130
2012/2xxx/CVE-2012-2053.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2053", "ID": "CVE-2012-2053",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt" "lang": "eng",
}, "value": "The sudoers file in the Linux system configuration in F5 FirePass 6.0.0 through 6.1.0 and 7.0.0 does not require a password for executing commands as root, which allows local users to gain privileges via the sudo program, as demonstrated by the user account that executes PHP scripts, a different vulnerability than CVE-2012-1777."
{ }
"name" : "firepass-sudoers-priv-escalation(74813)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74813" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt",
"refsource": "MISC",
"url": "https://www.sec-consult.com/files/20120328-0_F5_FirePass_SSL_VPN_unauthenticated_remote_root_v1.0.txt"
},
{
"name": "firepass-sudoers-priv-escalation(74813)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74813"
}
]
}
}

34
2012/2xxx/CVE-2012-2545.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-2545", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-2545",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

160
2012/2xxx/CVE-2012-2572.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-2572", "ID": "CVE-2012-2572",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20365", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/20365" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the ThreeWP Email Reflector plugin before 1.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Subject of an email."
{ }
"name" : "http://wordpress.org/plugins/threewp-email-reflector/changelog", ]
"refsource" : "CONFIRM", },
"url" : "http://wordpress.org/plugins/threewp-email-reflector/changelog" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "54903", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/54903" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "85134", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/show/osvdb/85134" ]
}, },
{ "references": {
"name" : "threewpemailreflector-sendmail-xss(77502)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77502" "name": "http://wordpress.org/plugins/threewp-email-reflector/changelog",
} "refsource": "CONFIRM",
] "url": "http://wordpress.org/plugins/threewp-email-reflector/changelog"
} },
} {
"name": "threewpemailreflector-sendmail-xss(77502)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77502"
},
{
"name": "54903",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54903"
},
{
"name": "85134",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/85134"
},
{
"name": "20365",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20365"
}
]
}
}

160
2012/2xxx/CVE-2012-2947.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2947", "ID": "CVE-2012-2947",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html" "lang": "eng",
}, "value": "chan_iax2.c in the IAX2 channel driver in Certified Asterisk 1.8.11-cert before 1.8.11-cert2 and Asterisk Open Source 1.8.x before 1.8.12.1 and 10.x before 10.4.1, when a certain mohinterpret setting is enabled, allows remote attackers to cause a denial of service (daemon crash) by placing a call on hold."
{ }
"name" : "http://downloads.asterisk.org/pub/security/AST-2012-007.html", ]
"refsource" : "CONFIRM", },
"url" : "http://downloads.asterisk.org/pub/security/AST-2012-007.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-2493", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2012/dsa-2493" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1027102", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1027102" ]
}, },
{ "references": {
"name" : "49303", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49303" "name": "DSA-2493",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2012/dsa-2493"
} },
} {
"name": "1027102",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027102"
},
{
"name": "20120529 AST-2012-007: Remote crash vulnerability in IAX2 channel driver.",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0144.html"
},
{
"name": "http://downloads.asterisk.org/pub/security/AST-2012-007.html",
"refsource": "CONFIRM",
"url": "http://downloads.asterisk.org/pub/security/AST-2012-007.html"
},
{
"name": "49303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49303"
}
]
}
}

140
2012/2xxx/CVE-2012-2996.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-2996", "ID": "CVE-2012-2996",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#471364", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/471364" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action."
{ }
"name" : "1027544", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id?1027544" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "50620", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50620" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1027544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027544"
},
{
"name": "VU#471364",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/471364"
},
{
"name": "50620",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50620"
}
]
}
}

34
2012/3xxx/CVE-2012-3033.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-3033", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-3033",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2012. Notes: none."
} }
] ]
} }
} }

34
2012/6xxx/CVE-2012-6157.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6157", "ID": "CVE-2012-6157",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2012/6xxx/CVE-2012-6373.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6373", "ID": "CVE-2012-6373",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2012/6xxx/CVE-2012-6561.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6561", "ID": "CVE-2012-6561",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some of these details are obtained from third party information."
{ }
"name" : "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip", ]
"refsource" : "CONFIRM", },
"url" : "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53623", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53623" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49129", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/49129" ]
}, },
{ "references": {
"name" : "elgg-index-xss(75756)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756" "name": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released",
} "refsource": "CONFIRM",
] "url": "http://blog.elgg.org/pg/blog/evan/read/209/elgg-185-released"
} },
} {
"name": "49129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49129"
},
{
"name": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip",
"refsource": "CONFIRM",
"url": "http://elgg.org/getelgg.php?forward=elgg-1.8.5.zip"
},
{
"name": "53623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53623"
},
{
"name": "elgg-index-xss(75756)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75756"
}
]
}
}

34
2012/6xxx/CVE-2012-6678.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6678", "ID": "CVE-2012-6678",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

180
2015/1xxx/CVE-2015-1883.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1883", "ID": "CVE-2015-1883",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698308", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21698308" "lang": "eng",
}, "value": "IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read certain administrative files via crafted use of an automated-maintenance policy stored procedure."
{ }
"name" : "IT08075", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "IT08080", "description": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "IT08085", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085" ]
}, },
{ "references": {
"name" : "IT08086", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21698308",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21698308"
"name" : "75946", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75946" "name": "75946",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/75946"
"name" : "1032881", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032881" "name": "IT08085",
} "refsource": "AIXAPAR",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08085"
} },
} {
"name": "IT08080",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08080"
},
{
"name": "IT08086",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08086"
},
{
"name": "1032881",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032881"
},
{
"name": "IT08075",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT08075"
}
]
}
}

120
2015/5xxx/CVE-2015-5153.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5153", "ID": "CVE-2015-5153",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1243526", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1243526" "lang": "eng",
} "value": "Pulp does not remove permissions for named objects upon deletion, which allows authenticated users to gain the privileges of a deleted object via creating an object with the same name."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1243526",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243526"
}
]
}
}

140
2015/5xxx/CVE-2015-5638.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "vultures@jpcert.or.jp",
"ID" : "CVE-2015-5638", "ID": "CVE-2015-5638",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://h2o.examp1e.net/vulnerabilities.html#CVE-2015-5638", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://h2o.examp1e.net/vulnerabilities.html#CVE-2015-5638" "lang": "eng",
}, "value": "Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL."
{ }
"name" : "JVN#65602714", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN65602714/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2015-000136", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000136" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000136",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000136"
},
{
"name": "JVN#65602714",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN65602714/index.html"
},
{
"name": "https://h2o.examp1e.net/vulnerabilities.html#CVE-2015-5638",
"refsource": "CONFIRM",
"url": "https://h2o.examp1e.net/vulnerabilities.html#CVE-2015-5638"
}
]
}
}

190
2015/5xxx/CVE-2015-5790.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5790", "ID": "CVE-2015-5790",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205212", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205212" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
{ }
"name" : "https://support.apple.com/HT205221", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT205221" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT205265", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205265" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-09-16-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-09-16-3", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" "name": "https://support.apple.com/HT205221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205221"
"name" : "APPLE-SA-2015-09-30-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" "name": "1033609",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033609"
"name" : "76763", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76763" "name": "https://support.apple.com/HT205212",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205212"
"name" : "1033609", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033609" "name": "76763",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/76763"
} },
} {
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

120
2015/5xxx/CVE-2015-5988.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2015-5988", "ID": "CVE-2015-5988",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#201168", "description_data": [
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/201168" "lang": "eng",
} "value": "The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#201168",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/201168"
}
]
}
}

34
2018/11xxx/CVE-2018-11010.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11010", "ID": "CVE-2018-11010",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/11xxx/CVE-2018-11135.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11135", "ID": "CVE-2018-11135",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities" "lang": "eng",
} "value": "The script '/adminui/error_details.php' in the Quest KACE System Management Appliance 8.0.318 allows authenticated users to conduct PHP object injection attacks."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-kace-system-management-appliance-multiple-vulnerabilities"
}
]
}
}

120
2018/11xxx/CVE-2018-11203.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11203", "ID": "CVE-2018-11203",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5" "lang": "eng",
} "value": "A division by zero was discovered in H5D__btree_decode_key in H5Dbtree.c in the HDF HDF5 1.10.2 library. It could allow a remote denial of service attack."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5",
"refsource": "MISC",
"url": "https://github.com/Twi1ight/fuzzing-pocs/tree/master/hdf5"
}
]
}
}

130
2018/11xxx/CVE-2018-11316.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11316", "ID": "CVE-2018-11316",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325", "description_data": [
"refsource" : "MISC", {
"url" : "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325" "lang": "eng",
}, "value": "The UPnP HTTP server on Sonos wireless speaker products allow unauthorized access via a DNS rebinding attack. This can result in remote device control and privileged device and network information to be exfiltrated by an attacker."
{ }
"name" : "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability", ]
"refsource" : "MISC", },
"url" : "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability",
"refsource": "MISC",
"url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability"
},
{
"name": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325",
"refsource": "MISC",
"url": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325"
}
]
}
}

34
2018/11xxx/CVE-2018-11391.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11391", "ID": "CVE-2018-11391",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/11xxx/CVE-2018-11428.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11428", "ID": "CVE-2018-11428",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15016.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15016", "ID": "CVE-2018-15016",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15092.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15092", "ID": "CVE-2018-15092",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/15xxx/CVE-2018-15970.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-15970", "ID": "CVE-2018-15970",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Experience Manager", "product_name": "Adobe Experience Manager",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "6.4, 6.3, 6.2, 6.1, and 6.0 versions" "version_value": "6.4, 6.3, 6.2, 6.1, and 6.0 versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reflected Cross-site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html" "lang": "eng",
}, "value": "Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a reflected cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure."
{ }
"name" : "105574", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105574" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Reflected Cross-site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105574"
},
{
"name": "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb18-36.html"
}
]
}
}

142
2018/3xxx/CVE-2018-3010.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3010", "ID": "CVE-2018-3010",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Outside In Technology", "product_name": "Outside In Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.5.3" "version_value": "8.5.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
{ }
"name" : "104762", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104762" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041310", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041310" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104762"
},
{
"name": "1041310",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041310"
}
]
}
}

174
2018/3xxx/CVE-2018-3046.json
View File

@ -1,89 +1,89 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3046", "ID": "CVE-2018-3046",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Banking Corporate Lending", "product_name": "Banking Corporate Lending",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.3.0" "version_value": "12.3.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.4.0" "version_value": "12.4.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.5.0" "version_value": "12.5.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "14.0.0" "version_value": "14.0.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "14.1.0" "version_value": "14.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)."
{ }
"name" : "104795", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104795" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041307", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041307" "lang": "eng",
} "value": "Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Banking Corporate Lending accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041307"
},
{
"name": "104795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104795"
}
]
}
}

180
2018/3xxx/CVE-2018-3056.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3056", "ID": "CVE-2018-3056",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "5.7.22 and prior" "version_value": "5.7.22 and prior"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.0.11 and prior" "version_value": "8.0.11 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Privileges). Supported versions that are affected are 5.7.22 and prior and 8.0.11 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20180726-0002/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20180726-0002/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:3655", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:3655" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data."
{ }
"name" : "USN-3725-1", ]
"refsource" : "UBUNTU", }
"url" : "https://usn.ubuntu.com/3725-1/" ]
}, },
{ "references": {
"name" : "104769", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104769" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name" : "1041294", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041294" "name": "USN-3725-1",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3725-1/"
} },
} {
"name": "1041294",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041294"
},
{
"name": "RHSA-2018:3655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name": "104769",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104769"
}
]
}
}

158
2018/3xxx/CVE-2018-3198.json
View File

@ -1,81 +1,81 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3198", "ID": "CVE-2018-3198",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "PeopleSoft Enterprise PT PeopleTools", "product_name": "PeopleSoft Enterprise PT PeopleTools",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.55" "version_value": "8.55"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.56" "version_value": "8.56"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.57" "version_value": "8.57"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
{ }
"name" : "105609", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105609" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041891", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041891" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041891"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105609"
}
]
}
}

122
2018/3xxx/CVE-2018-3916.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-26T00:00:00", "DATE_PUBLIC": "2018-07-26T00:00:00",
"ID" : "CVE-2018-3916", "ID": "CVE-2018-3916",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Samsung", "product_name": "Samsung",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17" "version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Samsung" "vendor_name": "Samsung"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581" "lang": "eng",
} "value": "An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136 bytes. An attacker can send an arbitrarily long 'directory' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0581"
}
]
}
}

326
2018/8xxx/CVE-2018-8313.json
View File

@ -1,165 +1,165 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8313", "ID": "CVE-2018-8313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8314."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8313", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8313" "lang": "eng",
}, "value": "An elevation of privilege vulnerability exists in the way that the Windows Kernel API enforces permissions, aka \"Windows Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8314."
{ }
"name" : "104670", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104670" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041263", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041263" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8313",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8313"
},
{
"name": "104670",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104670"
},
{
"name": "1041263",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041263"
}
]
}
}

34
2018/8xxx/CVE-2018-8614.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8614", "ID": "CVE-2018-8614",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/8xxx/CVE-2018-8672.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8672", "ID": "CVE-2018-8672",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/8xxx/CVE-2018-8700.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8700", "ID": "CVE-2018-8700",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/8xxx/CVE-2018-8965.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8965", "ID": "CVE-2018-8965",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/ppsave.php.md", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/ppsave.php.md" "lang": "eng",
} "value": "An issue was discovered in zzcms 8.2. user/ppsave.php allows remote attackers to delete arbitrary files via directory traversal sequences in the oldimg parameter in an action=modify request. This can be leveraged for database access by deleting install.lock."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/ppsave.php.md",
"refsource": "MISC",
"url": "https://github.com/Ni9htMar3/vulnerability/blob/master/zzcms_8.2/ppsave.php.md"
}
]
}
}