admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:31:17 +00:00
parent b694c868f0
commit 3fa191ba6e
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3797 additions and 3797 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

310
2005/0xxx/CVE-2005-0399.json
View File

@ -1,157 +1,157 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-0399", "ID": "CVE-2005-0399",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050323 Mozilla Foundation GIF Overflow", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/xforce/alerts/id/191" "lang": "eng",
}, "value": "Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size."
{ }
"name" : "http://www.mozilla.org/security/announce/mfsa2005-30.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.mozilla.org/security/announce/mfsa2005-30.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877", "description": [
"refsource" : "MISC", {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200503-30", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml" ]
}, },
{ "references": {
"name" : "RHSA-2005:323", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-323.html" "name": "RHSA-2005:323",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-323.html"
"name" : "RHSA-2005:335", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-335.html" "name": "RHSA-2005:336",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-336.html"
"name" : "RHSA-2005:336", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-336.html" "name": "ADV-2005-0296",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/0296"
"name" : "RHSA-2005:337", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-337.html" "name": "SCOSA-2005.49",
}, "refsource": "SCO",
{ "url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt"
"name" : "SCOSA-2005.49", },
"refsource" : "SCO", {
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt" "name": "oval:org.mitre.oval:def:100028",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028"
"name" : "SUSE-SA:2006:022", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" "name": "RHSA-2005:335",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-335.html"
"name" : "VU#557948", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/557948" "name": "19823",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19823"
"name" : "P-160", },
"refsource" : "CIAC", {
"url" : "http://www.ciac.org/ciac/bulletins/p-160.shtml" "name": "15495",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15495"
"name" : "12881", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12881" "name": "P-160",
}, "refsource": "CIAC",
{ "url": "http://www.ciac.org/ciac/bulletins/p-160.shtml"
"name" : "15495", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15495" "name": "gif-extension-overflow(19269)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269"
"name" : "oval:org.mitre.oval:def:11377", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377" "name": "12881",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12881"
"name" : "ADV-2005-0296", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/0296" "name": "http://www.mozilla.org/security/announce/mfsa2005-30.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/mfsa2005-30.html"
"name" : "oval:org.mitre.oval:def:100028", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100028" "name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877",
}, "refsource": "MISC",
{ "url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877"
"name" : "14654", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14654" "name": "20050323 Mozilla Foundation GIF Overflow",
}, "refsource": "ISS",
{ "url": "http://xforce.iss.net/xforce/alerts/id/191"
"name" : "19823", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19823" "name": "VU#557948",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/557948"
"name" : "gif-extension-overflow(19269)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19269" "name": "GLSA-200503-30",
} "refsource": "GENTOO",
] "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
} },
} {
"name": "oval:org.mitre.oval:def:11377",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11377"
},
{
"name": "14654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14654"
},
{
"name": "SUSE-SA:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name": "RHSA-2005:337",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-337.html"
}
]
}
}

190
2005/2xxx/CVE-2005-2204.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2204", "ID": "CVE-2005-2204",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the \"CSSChecking\" parameter is set to \"NO,\" allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050708 SiteMinder Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112084050624959&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Computer Associates (CA) eTrust SiteMinder 5.5, when the \"CSSChecking\" parameter is set to \"NO,\" allows remote attackers to inject arbitrary web script or HTML via the (1) PASSWORD or (2) BUFFER parameters to smpwservicescgi.exe, (3) the TARGET parameter to login.fcc, and possibly other vectors."
{ }
"name" : "20050711 Re: SiteMinder Multiple Vulnerabilities", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=112110963416714&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-1040", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/1040" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17809", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/17809" ]
}, },
{ "references": {
"name" : "17810", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/17810" "name": "1014433",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1014433"
"name" : "1014433", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014433" "name": "15956",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15956"
"name" : "15956", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15956" "name": "17809",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/17809"
"name" : "ca-siteminder-smpwservicescgi-xss(21305)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21305" "name": "ca-siteminder-smpwservicescgi-xss(21305)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21305"
} },
} {
"name": "17810",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17810"
},
{
"name": "20050711 Re: SiteMinder Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112110963416714&w=2"
},
{
"name": "20050708 SiteMinder Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112084050624959&w=2"
},
{
"name": "ADV-2005-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1040"
}
]
}
}

120
2005/2xxx/CVE-2005-2481.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2481", "ID": "CVE-2005-2481",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the \"?\" (question mark) character."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050803 Coldfusion Fusebox V4.1.0 Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112309656102615&w=2" "lang": "eng",
} "value": "ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the \"?\" (question mark) character."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050803 Coldfusion Fusebox V4.1.0 Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112309656102615&w=2"
}
]
}
}

160
2005/2xxx/CVE-2005-2556.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-2556", "ID": "CVE-2005-2556",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112786017426276&w=2" "lang": "eng",
}, "value": "core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956."
{ }
"name" : "DSA-778", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2005/dsa-778" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "GLSA-200509-16", "description": [
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14604", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/14604" ]
}, },
{ "references": {
"name" : "16506", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16506" "name": "DSA-778",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2005/dsa-778"
} },
} {
"name": "16506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16506"
},
{
"name": "14604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14604"
},
{
"name": "GLSA-200509-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml"
},
{
"name": "20050926 Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112786017426276&w=2"
}
]
}
}

150
2005/2xxx/CVE-2005-2647.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2647", "ID": "CVE-2005-2647",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors."
{ }
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf", ]
"refsource" : "CONFIRM", },
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1014720", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014720" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16467", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/16467" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1014720",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014720"
},
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf"
},
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf"
},
{
"name": "16467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16467"
}
]
}
}

150
2005/3xxx/CVE-2005-3112.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3112", "ID": "CVE-2005-3112",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"reset password\" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.macromedia.com/go/mpsb05-06", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.macromedia.com/go/mpsb05-06" "lang": "eng",
}, "value": "The \"reset password\" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords."
{ }
"name" : "14975", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/14975" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1014990", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014990" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17009", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/17009" ]
} },
] "references": {
} "reference_data": [
} {
"name": "17009",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17009"
},
{
"name": "14975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14975"
},
{
"name": "http://www.macromedia.com/go/mpsb05-06",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/go/mpsb05-06"
},
{
"name": "1014990",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014990"
}
]
}
}

150
2005/3xxx/CVE-2005-3677.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3677", "ID": "CVE-2005-3677",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051111 High Risk Flaw in RealPlayer", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=113181464921104&w=2" "lang": "eng",
}, "value": "Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote attackers to execute arbitrary code via a crafted image in a RealPlayer Skin (RJS) file. NOTE: due to the lack of details, it is unclear how this is different than CVE-2005-2629 and CVE-2005-2630, but the vendor advisory implies that it is different."
{ }
"name" : "http://service.real.com/help/faq/security/051110_player/EN/", ]
"refsource" : "CONFIRM", },
"url" : "http://service.real.com/help/faq/security/051110_player/EN/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15398", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15398/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17514", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/17514" ]
} },
] "references": {
} "reference_data": [
} {
"name": "15398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15398/"
},
{
"name": "17514",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17514"
},
{
"name": "http://service.real.com/help/faq/security/051110_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/051110_player/EN/"
},
{
"name": "20051111 High Risk Flaw in RealPlayer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113181464921104&w=2"
}
]
}
}

160
2005/3xxx/CVE-2005-3882.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3882", "ID": "CVE-2005-3882",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/11/faqring-30-sql-inj-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/11/faqring-30-sql-inj-vuln.html" "lang": "eng",
}, "value": "SQL injection vulnerability in answer.php in FAQSystems FAQRing Knowledge Base Software 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "15655", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15655" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2625", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2625" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21265", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21265" ]
}, },
{ "references": {
"name" : "17811", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17811" "name": "21265",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/21265"
} },
} {
"name": "ADV-2005-2625",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2625"
},
{
"name": "http://pridels0.blogspot.com/2005/11/faqring-30-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/faqring-30-sql-inj-vuln.html"
},
{
"name": "15655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15655"
},
{
"name": "17811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17811"
}
]
}
}

160
2005/3xxx/CVE-2005-3977.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3977", "ID": "CVE-2005-3977",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/qualityppc-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/qualityppc-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553 allows remote attackers to inject web script or HTML via the REQ parameter to the search module."
{ }
"name" : "15685", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15685" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2699", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2699" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21387", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21387" ]
}, },
{ "references": {
"name" : "17850", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17850" "name": "15685",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15685"
} },
} {
"name": "17850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17850"
},
{
"name": "http://pridels0.blogspot.com/2005/12/qualityppc-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/qualityppc-xss-vuln.html"
},
{
"name": "ADV-2005-2699",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2699"
},
{
"name": "21387",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21387"
}
]
}
}

140
2005/4xxx/CVE-2005-4052.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4052", "ID": "CVE-2005-4052",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051205 [scip_Advisory] e107 v0.6 rate.php manipulation", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/418577/100/0/threaded" "lang": "eng",
}, "value": "e107 0.6174 allows remote attackers to redirect users to other web sites via the download parameter in rate.php, which is used after a user submits a file download rating. NOTE: in the default installation, the e_BASE variable restricts the redirection to the same web site."
{ }
"name" : "17890", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/17890/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "229", "description": [
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/229" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20051205 [scip_Advisory] e107 v0.6 rate.php manipulation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418577/100/0/threaded"
},
{
"name": "229",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/229"
},
{
"name": "17890",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17890/"
}
]
}
}

140
2005/4xxx/CVE-2005-4753.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4753", "ID": "CVE-2005-4753",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain \"heavy usage\" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "BEA05-89.00", "description_data": [
"refsource" : "BEA", {
"url" : "http://dev2dev.bea.com/pub/advisory/143" "lang": "eng",
}, "value": "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain \"heavy usage\" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection."
{ }
"name" : "15052", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15052" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17138", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17138" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "BEA05-89.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/143"
},
{
"name": "15052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15052"
},
{
"name": "17138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17138"
}
]
}
}

140
2005/4xxx/CVE-2005-4763.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4763", "ID": "CVE-2005-4763",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "BEA05-100.00", "description_data": [
"refsource" : "BEA", {
"url" : "http://dev2dev.bea.com/pub/advisory/154" "lang": "eng",
}, "value": "BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions."
{ }
"name" : "15052", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15052" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "17138", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17138" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "BEA05-100.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/154"
},
{
"name": "15052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15052"
},
{
"name": "17138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17138"
}
]
}
}

190
2005/4xxx/CVE-2005-4835.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4835", "ID": "CVE-2005-4835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://madwifi.org/ticket/162", "description_data": [
"refsource" : "MISC", {
"url" : "http://madwifi.org/ticket/162" "lang": "eng",
}, "value": "The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission."
{ }
"name" : "http://madwifi.org/ticket/279", ]
"refsource" : "MISC", },
"url" : "http://madwifi.org/ticket/279" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://madwifi.org/ticket/287", "description": [
"refsource" : "CONFIRM", {
"url" : "http://madwifi.org/ticket/287" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://madwifi.org/wiki/Releases/0.9.3", ]
"refsource" : "CONFIRM", }
"url" : "http://madwifi.org/wiki/Releases/0.9.3" ]
}, },
{ "references": {
"name" : "MDKSA-2007:082", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2007:082" "name": "http://madwifi.org/ticket/287",
}, "refsource": "CONFIRM",
{ "url": "http://madwifi.org/ticket/287"
"name" : "SUSE-SR:2007:014", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2007_14_sr.html" "name": "MDKSA-2007:082",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:082"
"name" : "24841", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24841" "name": "26083",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/26083"
"name" : "26083", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/26083" "name": "SUSE-SR:2007:014",
} "refsource": "SUSE",
] "url": "http://www.novell.com/linux/security/advisories/2007_14_sr.html"
} },
} {
"name": "http://madwifi.org/ticket/162",
"refsource": "MISC",
"url": "http://madwifi.org/ticket/162"
},
{
"name": "http://madwifi.org/wiki/Releases/0.9.3",
"refsource": "CONFIRM",
"url": "http://madwifi.org/wiki/Releases/0.9.3"
},
{
"name": "24841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24841"
},
{
"name": "http://madwifi.org/ticket/279",
"refsource": "MISC",
"url": "http://madwifi.org/ticket/279"
}
]
}
}

130
2005/4xxx/CVE-2005-4873.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4873", "ID": "CVE-2005-4873",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cups.org/str.php?L1102", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cups.org/str.php?L1102" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c."
{ }
"name" : "phpcups-function-bo(41497)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/41497" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpcups-function-bo(41497)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41497"
},
{
"name": "http://www.cups.org/str.php?L1102",
"refsource": "CONFIRM",
"url": "http://www.cups.org/str.php?L1102"
}
]
}
}

180
2009/0xxx/CVE-2009-0630.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2009-0630", "ID": "CVE-2009-0630",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml" "lang": "eng",
}, "value": "The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets."
{ }
"name" : "20090325 Cisco IOS Software Multiple Features IP Sockets Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c6.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34242", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34242" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1021897", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1021897" ]
}, },
{ "references": {
"name" : "34438", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34438" "name": "34242",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34242"
"name" : "ADV-2009-0851", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0851" "name": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml",
}, "refsource": "CONFIRM",
{ "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml"
"name" : "ios-ipsockets-dos(49418)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49418" "name": "34438",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/34438"
} },
} {
"name": "20090325 Cisco IOS Software Multiple Features IP Sockets Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c6.shtml"
},
{
"name": "ios-ipsockets-dos(49418)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49418"
},
{
"name": "ADV-2009-0851",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0851"
},
{
"name": "1021897",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021897"
}
]
}
}

170
2009/0xxx/CVE-2009-0996.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2009-0996", "ID": "CVE-2009-0996",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors."
{ }
"name" : "TA09-105A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34461", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34461" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "53745", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/53745" ]
}, },
{ "references": {
"name" : "1022055", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022055" "name": "1022055",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022055"
"name" : "34693", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34693" "name": "34461",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/34461"
} },
} {
"name": "34693",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34693"
},
{
"name": "53745",
"refsource": "OSVDB",
"url": "http://osvdb.org/53745"
},
{
"name": "TA09-105A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
}
]
}
}

140
2009/2xxx/CVE-2009-2401.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2401", "ID": "CVE-2009-2401",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9014", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9014" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post."
{ }
"name" : "35488", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35488" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "phpechocms-stealing-xss(51360)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51360" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "9014",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9014"
},
{
"name": "phpechocms-stealing-xss(51360)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51360"
},
{
"name": "35488",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35488"
}
]
}
}

250
2009/3xxx/CVE-2009-3009.json
View File

@ -1,127 +1,127 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3009", "ID": "CVE-2009-3009",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[rubyonrails-security] 20090904 XSS Vulnerability in Ruby on Rails", "description_data": [
"refsource" : "MLIST", {
"url" : "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper."
{ }
"name" : "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails", ]
"refsource" : "CONFIRM", },
"url" : "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063", "description": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT4077", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT4077" ]
}, },
{ "references": {
"name" : "APPLE-SA-2010-03-29-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" "name": "36278",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/36278"
"name" : "DSA-1887", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1887" "name": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails",
}, "refsource": "CONFIRM",
{ "url": "http://weblog.rubyonrails.org/2009/9/4/xss-vulnerability-in-ruby-on-rails"
"name" : "SUSE-SR:2009:017", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html" "name": "36600",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36600"
"name" : "36278", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36278" "name": "APPLE-SA-2010-03-29-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
"name" : "57666", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/57666" "name": "ADV-2009-2544",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2544"
"name" : "1022824", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1022824" "name": "rubyonrails-unicode-xss(53036)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036"
"name" : "36600", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36600" "name": "http://support.apple.com/kb/HT4077",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4077"
"name" : "36717", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36717" "name": "DSA-1887",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1887"
"name" : "ADV-2009-2544", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2544" "name": "[rubyonrails-security] 20090904 XSS Vulnerability in Ruby on Rails",
}, "refsource": "MLIST",
{ "url": "http://groups.google.com/group/rubyonrails-security/msg/7f57cd7794e1d1b4?dmode=source"
"name" : "rubyonrails-unicode-xss(53036)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53036" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063",
} "refsource": "CONFIRM",
] "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=545063"
} },
} {
"name": "57666",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/57666"
},
{
"name": "1022824",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022824"
},
{
"name": "36717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36717"
},
{
"name": "SUSE-SR:2009:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
}
]
}
}

170
2009/3xxx/CVE-2009-3022.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3022", "ID": "CVE-2009-3022",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bingo-cms.jp/security/jvn68640473.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bingo-cms.jp/security/jvn68640473.html" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors."
{ }
"name" : "JVN#68640473", ]
"refsource" : "JVN", },
"url" : "http://jvn.jp/en/jp/JVN68640473/index.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "JVNDB-2009-000058", "description": [
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "57425", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/57425" ]
}, },
{ "references": {
"name" : "36458", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36458" "name": "bingocms-unspecified-csrf(52838)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52838"
"name" : "bingocms-unspecified-csrf(52838)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52838" "name": "57425",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/57425"
} },
} {
"name": "JVNDB-2009-000058",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000058.html"
},
{
"name": "http://www.bingo-cms.jp/security/jvn68640473.html",
"refsource": "CONFIRM",
"url": "http://www.bingo-cms.jp/security/jvn68640473.html"
},
{
"name": "JVN#68640473",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN68640473/index.html"
},
{
"name": "36458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36458"
}
]
}
}

160
2009/3xxx/CVE-2009-3296.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3296", "ID": "CVE-2009-3296",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.diff.gz", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.diff.gz" "lang": "eng",
}, "value": "Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows."
{ }
"name" : "http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.diff.gz", ]
"refsource" : "CONFIRM", },
"url" : "http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.diff.gz" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1912", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1912" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36713", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/36713" ]
}, },
{ "references": {
"name" : "37067", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37067" "name": "http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.diff.gz",
} "refsource": "CONFIRM",
] "url": "http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.diff.gz"
} },
} {
"name": "DSA-1912",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1912"
},
{
"name": "37067",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37067"
},
{
"name": "http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.diff.gz",
"refsource": "CONFIRM",
"url": "http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.diff.gz"
},
{
"name": "36713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36713"
}
]
}
}

150
2009/3xxx/CVE-2009-3400.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2009-3400", "ID": "CVE-2009-3400",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
{ }
"name" : "TA09-294A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36767", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36767" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1023059", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1023059" ]
} },
] "references": {
} "reference_data": [
} {
"name": "36767",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36767"
},
{
"name": "TA09-294A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name": "1023059",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023059"
}
]
}
}

350
2009/4xxx/CVE-2009-4032.json
View File

@ -1,177 +1,177 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-4032", "ID": "CVE-2009-4032",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091126 Cacti 0.8.7e: Multiple security issues", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/508129/100/0/threaded" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) graph.php, (2) include/top_graph_header.php, (3) lib/html_form.php, and (4) lib/timespan_settings.php, as demonstrated by the (a) graph_end or (b) graph_start parameters to graph.php; (c) the date1 parameter in a tree action to graph_view.php; and the (d) page_refresh and (e) default_dual_pane_width parameters to graph_settings.php."
{ }
"name" : "20091125 Cacti 0.8.7e: Multiple security issues", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20091125 CVE Request - Cacti - 0.8.7e", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/11/25/2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20091125 Re: CVE Request - Cacti - 0.8.7e", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2009/11/25/4" ]
}, },
{ "references": {
"name" : "[oss-security] 20091126 Re: CVE Request - Cacti - 0.8.7e", "reference_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/11/26/1" "name": "http://www.cacti.net/download_patches.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.cacti.net/download_patches.php"
"name" : "[oss-security] 20091130 Re: CVE Request - Cacti - 0.8.7e", },
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/11/30/2" "name": "20091126 Cacti 0.8.7e: Multiple security issues",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/508129/100/0/threaded"
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=294573", },
"refsource" : "CONFIRM", {
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=294573" "name": "20091125 Cacti 0.8.7e: Multiple security issues",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html"
"name" : "http://docs.cacti.net/#cross-site_scripting_fixes", },
"refsource" : "CONFIRM", {
"url" : "http://docs.cacti.net/#cross-site_scripting_fixes" "name": "FEDORA-2009-12575",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01390.html"
"name" : "http://www.cacti.net/download_patches.php", },
"refsource" : "CONFIRM", {
"url" : "http://www.cacti.net/download_patches.php" "name": "38087",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38087"
"name" : "http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch", },
"refsource" : "CONFIRM", {
"url" : "http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch" "name": "JVN#09758120",
}, "refsource": "JVN",
{ "url": "http://jvn.jp/en/jp/JVN09758120/index.html"
"name" : "FEDORA-2009-12575", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01390.html" "name": "cacti-name-xss(54388)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54388"
"name" : "FEDORA-2009-12560", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html" "name": "41041",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41041"
"name" : "RHSA-2010:0635", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2010-0635.html" "name": "JVNDB-2009-003901",
}, "refsource": "JVNDB",
{ "url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html"
"name" : "JVN#09758120", },
"refsource" : "JVN", {
"url" : "http://jvn.jp/en/jp/JVN09758120/index.html" "name": "http://docs.cacti.net/#cross-site_scripting_fixes",
}, "refsource": "CONFIRM",
{ "url": "http://docs.cacti.net/#cross-site_scripting_fixes"
"name" : "JVNDB-2009-003901", },
"refsource" : "JVNDB", {
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003901.html" "name": "RHSA-2010:0635",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2010-0635.html"
"name" : "37109", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37109" "name": "[oss-security] 20091125 CVE Request - Cacti - 0.8.7e",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/11/25/2"
"name" : "60483", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/60483" "name": "[oss-security] 20091130 Re: CVE Request - Cacti - 0.8.7e",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/11/30/2"
"name" : "37481", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37481" "name": "37481",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37481"
"name" : "37934", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37934" "name": "[oss-security] 20091125 Re: CVE Request - Cacti - 0.8.7e",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/11/25/4"
"name" : "38087", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38087" "name": "[oss-security] 20091126 Re: CVE Request - Cacti - 0.8.7e",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/11/26/1"
"name" : "41041", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41041" "name": "37109",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37109"
"name" : "ADV-2009-3325", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3325" "name": "ADV-2009-3325",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3325"
"name" : "ADV-2010-2132", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/2132" "name": "ADV-2010-2132",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/2132"
"name" : "cacti-name-xss(54388)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54388" "name": "37934",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/37934"
} },
} {
"name": "60483",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60483"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=294573",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=294573"
},
{
"name": "FEDORA-2009-12560",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00166.html"
},
{
"name": "http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch",
"refsource": "CONFIRM",
"url": "http://www.cacti.net/downloads/patches/0.8.7e/cross_site_fix.patch"
}
]
}
}

190
2009/4xxx/CVE-2009-4080.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4080", "ID": "CVE-2009-4080",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-112960-69-1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-112960-69-1" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors."
{ }
"name" : "231402", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231402-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37129", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37129" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "60514", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/60514" ]
}, },
{ "references": {
"name" : "1023239", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1023239" "name": "37129",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37129"
"name" : "37505", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37505" "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-112960-69-1",
}, "refsource": "CONFIRM",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-112960-69-1"
"name" : "37506", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37506" "name": "ADV-2009-3336",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3336"
"name" : "ADV-2009-3336", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3336" "name": "1023239",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1023239"
} },
} {
"name": "37506",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37506"
},
{
"name": "231402",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-231402-1"
},
{
"name": "37505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37505"
},
{
"name": "60514",
"refsource": "OSVDB",
"url": "http://osvdb.org/60514"
}
]
}
}

260
2009/4xxx/CVE-2009-4308.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4308", "ID": "CVE-2009-4308",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded" "lang": "eng",
}, "value": "The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via a crafted read-only filesystem that lacks a journal."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=78f1ddbb498283c2445c11b0dfa666424c301803", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=78f1ddbb498283c2445c11b0dfa666424c301803" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" ]
}, },
{ "references": {
"name" : "DSA-2005", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2005" "name": "38276",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38276"
"name" : "MDVSA-2010:198", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198" "name": "RHSA-2010:0147",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0147.html"
"name" : "RHSA-2010:0147", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0147.html" "name": "MDVSA-2010:198",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198"
"name" : "SUSE-SA:2010:001", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html" "name": "SUSE-SA:2010:001",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html"
"name" : "SUSE-SA:2010:012", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html" "name": "SUSE-SA:2010:012",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html"
"name" : "SUSE-SA:2010:005", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=78f1ddbb498283c2445c11b0dfa666424c301803",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=78f1ddbb498283c2445c11b0dfa666424c301803"
"name" : "oval:org.mitre.oval:def:11103", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11103" "name": "43315",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43315"
"name" : "37658", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37658" "name": "oval:org.mitre.oval:def:11103",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11103"
"name" : "38017", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38017" "name": "37658",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37658"
"name" : "38276", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38276" "name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
"name" : "43315", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43315" "name": "SUSE-SA:2010:005",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html"
} },
} {
"name": "DSA-2005",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2005"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "38017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38017"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32"
}
]
}
}

200
2009/4xxx/CVE-2009-4326.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4326", "ID": "CVE-2009-4326",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces \"repeating\" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT", "description_data": [
"refsource" : "CONFIRM", {
"url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT" "lang": "eng",
}, "value": "The RAND scalar function in the Common Code Infrastructure component in IBM DB2 9.5 before FP5 and 9.7 before FP1, when the Database Partitioning Feature (DPF) is used, produces \"repeating\" return values, which might allow attackers to defeat protection mechanisms based on randomization by predicting a value."
{ }
"name" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT", ]
"refsource" : "CONFIRM", },
"url" : "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21293566" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902", ]
"refsource" : "CONFIRM", }
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21412902" ]
}, },
{ "references": {
"name" : "IC63946", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946" "name": "IC63946",
}, "refsource": "AIXAPAR",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC63946"
"name" : "IZ44872", },
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872" "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT",
}, "refsource": "CONFIRM",
{ "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v97/APARLIST.TXT"
"name" : "37332", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37332" "name": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT",
}, "refsource": "CONFIRM",
{ "url": "ftp://ftp.software.ibm.com/ps/products/db2/fixes/english-us/aparlist/db2_v95/APARLIST.TXT"
"name" : "37759", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37759" "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566",
}, "refsource": "CONFIRM",
{ "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21293566"
"name" : "ADV-2009-3520", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3520" "name": "IZ44872",
} "refsource": "AIXAPAR",
] "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IZ44872"
} },
} {
"name": "ADV-2009-3520",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3520"
},
{
"name": "37332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37332"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21412902"
},
{
"name": "37759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37759"
}
]
}
}

150
2009/4xxx/CVE-2009-4855.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4855", "ID": "CVE-2009-4855",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that \"there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9380", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9380" "lang": "eng",
}, "value": "** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that \"there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.\""
{ }
"name" : "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/", ]
"refsource" : "MISC", },
"url" : "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35975", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35975" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "typo3-showuid-sql-injection(52308)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52308" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/",
"refsource": "MISC",
"url": "http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/"
},
{
"name": "9380",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9380"
},
{
"name": "typo3-showuid-sql-injection(52308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52308"
},
{
"name": "35975",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35975"
}
]
}
}

34
2012/2xxx/CVE-2012-2432.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2432", "ID": "CVE-2012-2432",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2012/2xxx/CVE-2012-2726.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2726", "ID": "CVE-2012-2726",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"administer protest\" permission to inject arbitrary web script or HTML via the protest_body parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x before 6.x-1.2 or 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the \"administer protest\" permission to inject arbitrary web script or HTML via the protest_body parameter."
{ }
"name" : "http://drupal.org/node/1619856", ]
"refsource" : "MISC", },
"url" : "http://drupal.org/node/1619856" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/1618090", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/1618090" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://drupal.org/node/1618092", ]
"refsource" : "CONFIRM", }
"url" : "http://drupal.org/node/1618092" ]
}, },
{ "references": {
"name" : "http://drupalcode.org/project/protest.git/commitdiff/c85eaed", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupalcode.org/project/protest.git/commitdiff/c85eaed" "name": "49386",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/49386"
"name" : "http://drupalcode.org/project/protest.git/commitdiff/cf8c543", },
"refsource" : "CONFIRM", {
"url" : "http://drupalcode.org/project/protest.git/commitdiff/cf8c543" "name": "protest-protestbodyparameter-xss(76126)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76126"
"name" : "82715", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/82715" "name": "http://drupal.org/node/1618090",
}, "refsource": "CONFIRM",
{ "url": "http://drupal.org/node/1618090"
"name" : "49386", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/49386" "name": "http://drupalcode.org/project/protest.git/commitdiff/cf8c543",
}, "refsource": "CONFIRM",
{ "url": "http://drupalcode.org/project/protest.git/commitdiff/cf8c543"
"name" : "protest-protestbodyparameter-xss(76126)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76126" "name": "http://drupalcode.org/project/protest.git/commitdiff/c85eaed",
} "refsource": "CONFIRM",
] "url": "http://drupalcode.org/project/protest.git/commitdiff/c85eaed"
} },
} {
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "82715",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82715"
},
{
"name": "http://drupal.org/node/1618092",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1618092"
},
{
"name": "http://drupal.org/node/1619856",
"refsource": "MISC",
"url": "http://drupal.org/node/1619856"
}
]
}
}

190
2015/0xxx/CVE-2015-0274.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-0274", "ID": "CVE-2015-0274",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59" "lang": "eng",
}, "value": "The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote attribute replacement, which allows local users to cause a denial of service (transaction overrun and data corruption) or possibly gain privileges by leveraging XFS filesystem access."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1195248", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1195248" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/torvalds/linux/commit/8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:0290", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0290.html" ]
}, },
{ "references": {
"name" : "RHSA-2015:0694", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0694.html" "name": "USN-2544-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2544-1"
"name" : "USN-2543-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2543-1" "name": "https://github.com/torvalds/linux/commit/8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59"
"name" : "USN-2544-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2544-1" "name": "RHSA-2015:0694",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-0694.html"
"name" : "1031853", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031853" "name": "RHSA-2015:0290",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2015-0290.html"
} },
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1195248",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1195248"
},
{
"name": "1031853",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031853"
},
{
"name": "USN-2543-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2543-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59"
}
]
}
}

180
2015/0xxx/CVE-2015-0421.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2015-0421", "ID": "CVE-2015-0421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html" "lang": "eng",
}, "value": "Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process."
{ }
"name" : "GLSA-201507-14", ]
"refsource" : "GENTOO", },
"url" : "https://security.gentoo.org/glsa/201507-14" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2015:0080", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0080.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SUSE-SU-2015:0336", ]
"refsource" : "SUSE", }
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html" ]
}, },
{ "references": {
"name" : "72150", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72150" "name": "oracle-cpujan2015-cve20150421(100146)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100146"
"name" : "1031580", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031580" "name": "72150",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/72150"
"name" : "oracle-cpujan2015-cve20150421(100146)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100146" "name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
} },
} {
"name": "SUSE-SU-2015:0336",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html"
},
{
"name": "RHSA-2015:0080",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0080.html"
},
{
"name": "GLSA-201507-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-14"
},
{
"name": "1031580",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031580"
}
]
}
}

130
2015/0xxx/CVE-2015-0770.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-0770", "ID": "CVE-2015-0770",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150605 Cisco TelePresence SX20 HTTP Response Splitting Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39210" "lang": "eng",
}, "value": "CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 and 7.x before 7.3.3 on Integrator C SX20 devices allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL, aka Bug ID CSCut79341."
{ }
"name" : "1032511", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1032511" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032511",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032511"
},
{
"name": "20150605 Cisco TelePresence SX20 HTTP Response Splitting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39210"
}
]
}
}

130
2015/1xxx/CVE-2015-1653.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1653", "ID": "CVE-2015-1653",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-036", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 and SharePoint Server 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka \"Microsoft SharePoint XSS Vulnerability.\""
{ }
"name" : "1032111", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1032111" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032111",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032111"
},
{
"name": "MS15-036",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-036"
}
]
}
}

34
2015/1xxx/CVE-2015-1749.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-1749", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-1749",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
} }
] ]
} }
} }

130
2015/5xxx/CVE-2015-5337.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5337", "ID": "CVE-2015-5337",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085" "lang": "eng",
}, "value": "Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file."
{ }
"name" : "https://moodle.org/mod/forum/discuss.php?d=323232", ]
"refsource" : "CONFIRM", },
"url" : "https://moodle.org/mod/forum/discuss.php?d=323232" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48085"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=323232",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=323232"
}
]
}
}

34
2015/5xxx/CVE-2015-5626.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5626", "ID": "CVE-2015-5626",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

160
2015/5xxx/CVE-2015-5681.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5681", "ID": "CVE-2015-5681",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150713 Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Jul/64" "lang": "eng",
}, "value": "Unrestricted file upload vulnerability in upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in *_uploadfolder/big/."
{ }
"name" : "[oss-security] 20150720 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/07/20/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20150727 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/07/27/8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html" ]
}, },
{ "references": {
"name" : "http://www.vapid.dhs.org/advisory.php?v=132", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.vapid.dhs.org/advisory.php?v=132" "name": "[oss-security] 20150720 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2015/07/20/1"
} },
} {
"name": "http://www.vapid.dhs.org/advisory.php?v=132",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=132"
},
{
"name": "20150713 Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/64"
},
{
"name": "[oss-security] 20150727 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/27/8"
},
{
"name": "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132671/WordPress-WP-PowerPlayGallery-3.3-File-Upload-SQL-Injection.html"
}
]
}
}

34
2018/3xxx/CVE-2018-3373.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3373", "ID": "CVE-2018-3373",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/3xxx/CVE-2018-3625.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3625", "ID": "CVE-2018-3625",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

130
2018/3xxx/CVE-2018-3818.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "bressers@elastic.co", "ASSIGNER": "security@elastic.co",
"ID" : "CVE-2018-3818", "ID": "CVE-2018-3818",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Kibana", "product_name": "Kibana",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "5.1.1 to 6.1.2 and 5.6.6" "version_value": "5.1.1 to 6.1.2 and 5.6.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Elastic" "vendor_name": "Elastic"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763" "lang": "eng",
}, "value": "Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users."
{ }
"name" : "102734", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102734" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-stack-6-1-2-and-5-6-6-security-update/115763"
},
{
"name": "102734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102734"
}
]
}
}

34
2018/6xxx/CVE-2018-6749.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6749", "ID": "CVE-2018-6749",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/6xxx/CVE-2018-6863.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6863", "ID": "CVE-2018-6863",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44014", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44014" "lang": "eng",
} "value": "SQL Injection exists in PHP Scripts Mall Select Your College Script 2.0.2 via a Login Parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44014",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44014"
}
]
}
}

34
2018/7xxx/CVE-2018-7005.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-7005", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-7005",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

120
2018/7xxx/CVE-2018-7071.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"ID" : "CVE-2018-7071", "ID": "CVE-2018-7071",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "HPE Network Function Virtualization Director (NFVD)", "product_name": "HPE Network Function Virtualization Director (NFVD)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "NFVD 4.2.1 prior to gui patch 3" "version_value": "NFVD 4.2.1 prior to gui patch 3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote unauthorized access to sensitive information"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03853en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03853en_us" "lang": "eng",
} "value": "HPE has identified a remote access to sensitive information vulnerability in HPE Network Function Virtualization Director (NFVD) 4.2.1 prior to gui patch 3."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote unauthorized access to sensitive information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03853en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbgn03853en_us"
}
]
}
}

34
2018/7xxx/CVE-2018-7152.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7152", "ID": "CVE-2018-7152",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

132
2018/7xxx/CVE-2018-7792.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cybersecurity@se.com", "ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC" : "2018-08-22T00:00:00", "DATE_PUBLIC": "2018-08-22T00:00:00",
"ID" : "CVE-2018-7792", "ID": "CVE-2018-7792",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Modicon M221, all references, all versions prior to firmware V1.6.2.0", "product_name": "Modicon M221, all references, all versions prior to firmware V1.6.2.0",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Modicon M221, all references, all versions prior to firmware V1.6.2.0" "version_value": "Modicon M221, all references, all versions prior to firmware V1.6.2.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Schneider Electric SE" "vendor_name": "Schneider Electric SE"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Permissions, Privileges, and Access Control"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/" "lang": "eng",
}, "value": "A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's Modicon M221 product (all references, all versions prior to firmware V1.6.2.0). The vulnerability allows unauthorized users to decode the password using rainbow table."
{ }
"name" : "105182", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105182" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Permissions, Privileges, and Access Control"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105182",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105182"
},
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-235-01/"
}
]
}
}

120
2018/8xxx/CVE-2018-8107.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8107", "ID": "CVE-2018-8107",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652", "description_data": [
"refsource" : "MISC", {
"url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652" "lang": "eng",
} "value": "The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652"
}
]
}
}

428
2018/8xxx/CVE-2018-8309.json
View File

@ -1,216 +1,216 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8309", "ID": "CVE-2018-8309",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \"Windows Denial of Service Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309" "lang": "eng",
}, "value": "A denial of service vulnerability exists when Windows improperly handles objects in memory, aka \"Windows Denial of Service Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
{ }
"name" : "104648", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104648" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041262", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041262" "lang": "eng",
} "value": "Denial of Service"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8309"
},
{
"name": "104648",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104648"
},
{
"name": "1041262",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041262"
}
]
}
}

160
2018/8xxx/CVE-2018-8437.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8437", "ID": "CVE-2018-8437",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka \"Windows Hyper-V Denial of Service Vulnerability.\" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8438."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8437", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8437" "lang": "eng",
}, "value": "A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka \"Windows Hyper-V Denial of Service Vulnerability.\" This affects Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8438."
{ }
"name" : "105237", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105237" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041624", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041624" "lang": "eng",
} "value": "Denial of Service"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "105237",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105237"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8437",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8437"
},
{
"name": "1041624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041624"
}
]
}
}

34
2018/8xxx/CVE-2018-8560.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8560", "ID": "CVE-2018-8560",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

298
2018/8xxx/CVE-2018-8622.json
View File

@ -1,151 +1,151 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8622", "ID": "CVE-2018-8622",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8621."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8622", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8622" "lang": "eng",
}, "value": "An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka \"Windows Kernel Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2008 R2. This CVE ID is unique from CVE-2018-8477, CVE-2018-8621."
{ }
"name" : "106088", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106088" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8622",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8622"
},
{
"name": "106088",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106088"
}
]
}
}