admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:04:19 +00:00
parent 5aed3aaabf
commit 430929f6ad
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4552 additions and 4552 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

148
2002/2xxx/CVE-2002-2213.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2213", "ID": "CVE-2002-2213",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html" "lang": "eng",
}, "value": "The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods."
{ }
"name" : "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf", ]
"refsource" : "MISC", },
"url" : "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#457875", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/457875" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf",
"refsource": "MISC",
"url": "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf"
},
{
"name": "VU#457875",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/457875"
},
{
"name": "http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/IAFY-5FDPYJ"
},
{
"name": "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html",
"refsource": "MISC",
"url": "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html"
}
]
}
} }

158
2002/2xxx/CVE-2002-2270.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2270", "ID": "CVE-2002-2270",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view \"normally invisible data\" via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "HPSBUX0212-227", "description_data": [
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/advisories/4742" "lang": "eng",
}, "value": "Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and 11.0 allows local users to view \"normally invisible data\" via unknown attack vectors."
{ }
"name" : "SSRT2421", ]
"refsource" : "HP", },
"url" : "http://www.securityfocus.com/advisories/4742" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "6317", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/6317" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:5311", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5311" ]
}, },
{ "references": {
"name" : "hp-ied-information-disclosure(10777)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10777" "name": "HPSBUX0212-227",
} "refsource": "HP",
] "url": "http://www.securityfocus.com/advisories/4742"
} },
{
"name": "SSRT2421",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/4742"
},
{
"name": "oval:org.mitre.oval:def:5311",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5311"
},
{
"name": "6317",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6317"
},
{
"name": "hp-ied-information-disclosure(10777)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10777"
}
]
}
} }

128
2005/0xxx/CVE-2005-0284.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0284", "ID": "CVE-2005-0284",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050110 Woltlab Burning Book addentry.php SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110548032401506&w=2" "lang": "eng",
}, "value": "SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter."
{ }
"name" : "woltlab-book-addentry-sql-injection(18859)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18859" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050110 Woltlab Burning Book addentry.php SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110548032401506&w=2"
},
{
"name": "woltlab-book-addentry-sql-injection(18859)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18859"
}
]
}
} }

128
2005/0xxx/CVE-2005-0421.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0421", "ID": "CVE-2005-0421",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "1013139", "description_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013139" "lang": "eng",
}, "value": "DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges."
{ }
"name" : "delphiturkcodebank-obtain-information(19248)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19248" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013139",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013139"
},
{
"name": "delphiturkcodebank-obtain-information(19248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19248"
}
]
}
} }

138
2005/0xxx/CVE-2005-0537.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0537", "ID": "CVE-2005-0537",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050221 [NOBYTES.COM: #5] iGeneric eShop 1.2 - Information Disclosure & Possible SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110910607229970&w=2" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) Shop 1.2 may allow remote attackers to execute arbitrary SQL statements via the (1) cats, (2) l_price, or (3) u_price parameters."
{ }
"name" : "1013268", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1013268" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14369", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14369" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1013268",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013268"
},
{
"name": "14369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14369"
},
{
"name": "20050221 [NOBYTES.COM: #5] iGeneric eShop 1.2 - Information Disclosure & Possible SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110910607229970&w=2"
}
]
}
} }

158
2005/0xxx/CVE-2005-0762.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-0762", "ID": "CVE-2005-0762",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "DSA-702", "description_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-702" "lang": "eng",
}, "value": "Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file."
{ }
"name" : "RHSA-2005:070", ]
"refsource" : "REDHAT", },
"url" : "http://rhn.redhat.com/errata/RHSA-2005-070.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SUSE-SA:2005:017", "description": [
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:9736", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9736" ]
}, },
{ "references": {
"name" : "1013550", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013550" "name": "oval:org.mitre.oval:def:9736",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9736"
} },
{
"name": "RHSA-2005:070",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2005-070.html"
},
{
"name": "1013550",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013550"
},
{
"name": "SUSE-SA:2005:017",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html"
},
{
"name": "DSA-702",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-702"
}
]
}
} }

128
2005/0xxx/CVE-2005-0880.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0880", "ID": "CVE-2005-0880",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050323 Vortex Portal", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-03/0405.html" "lang": "eng",
}, "value": "content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message."
{ }
"name" : "vortex-portal-path-disclosure(19811)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19811" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050323 Vortex Portal",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-03/0405.html"
},
{
"name": "vortex-portal-path-disclosure(19811)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19811"
}
]
}
} }

178
2005/1xxx/CVE-2005-1380.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1380", "ID": "CVE-2005-1380",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050428 Cross Site Scripting in BEA Admin Console", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111472745503010&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action."
{ }
"name" : "http://www.red-database-security.com/advisory/bea_css_in_admin_console.html", ]
"refsource" : "MISC", },
"url" : "http://www.red-database-security.com/advisory/bea_css_in_admin_console.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "13400", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13400" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15895", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/15895" ]
}, },
{ "references": {
"name" : "1013817", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/alerts/2005/Apr/1013817.html" "name": "15128",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15128"
"name" : "15128", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15128" "name": "15895",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/15895"
"name" : "weblogic-jndiframesetaction-xss(20276)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20276" "name": "weblogic-jndiframesetaction-xss(20276)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20276"
} },
{
"name": "http://www.red-database-security.com/advisory/bea_css_in_admin_console.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/bea_css_in_admin_console.html"
},
{
"name": "1013817",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/alerts/2005/Apr/1013817.html"
},
{
"name": "20050428 Cross Site Scripting in BEA Admin Console",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111472745503010&w=2"
},
{
"name": "13400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13400"
}
]
}
} }

138
2005/1xxx/CVE-2005-1876.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1876", "ID": "CVE-2005-1876",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050602 PHP Execution Vulnerability in CuteNews", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=111773528322711&w=2" "lang": "eng",
}, "value": "Direct code injection vulnerability in CuteNews 1.3.6 and earlier allows remote attackers with administrative privileges to execute arbitrary PHP code via certain inputs that are injected into a template (.tpl) file."
{ }
"name" : "17030", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/17030" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15594", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15594" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "17030",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17030"
},
{
"name": "20050602 PHP Execution Vulnerability in CuteNews",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111773528322711&w=2"
},
{
"name": "15594",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15594"
}
]
}
} }

128
2005/3xxx/CVE-2005-3896.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3896", "ID": "CVE-2005-3896",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051123 IE BUG, Mozilla DOS?", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=113262115201500&w=2" "lang": "eng",
}, "value": "Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function."
{ }
"name" : "http://www.computerterrorism.com/research/ie/ct21-11-2005", ]
"refsource" : "MISC", },
"url" : "http://www.computerterrorism.com/research/ie/ct21-11-2005" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051123 IE BUG, Mozilla DOS?",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113262115201500&w=2"
},
{
"name": "http://www.computerterrorism.com/research/ie/ct21-11-2005",
"refsource": "MISC",
"url": "http://www.computerterrorism.com/research/ie/ct21-11-2005"
}
]
}
} }

32
2005/4xxx/CVE-2005-4101.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-4101", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-4101",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
} }
] ]
} }
} }

158
2005/4xxx/CVE-2005-4220.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4220", "ID": "CVE-2005-4220",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051212 [scip_Advisory] NetGear RP114 Flooding Denial of Service", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/419243/100/0/threaded" "lang": "eng",
}, "value": "Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap."
{ }
"name" : "20051212 Re: [Full-disclosure] [scip_Advisory] NetGear RP114 Flooding Denial ofService", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/419244/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20051213 Re: [scip_Advisory] NetGear RP114 Flooding Denial of Service", "description": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/419485/100/0/threaded" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15816", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/15816" ]
}, },
{ "references": {
"name" : "11698", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/11698/" "name": "20051212 Re: [Full-disclosure] [scip_Advisory] NetGear RP114 Flooding Denial ofService",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/419244/100/0/threaded"
} },
{
"name": "15816",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15816"
},
{
"name": "20051212 [scip_Advisory] NetGear RP114 Flooding Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419243/100/0/threaded"
},
{
"name": "20051213 Re: [scip_Advisory] NetGear RP114 Flooding Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419485/100/0/threaded"
},
{
"name": "11698",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11698/"
}
]
}
} }

138
2005/4xxx/CVE-2005-4498.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4498", "ID": "CVE-2005-4498",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/text-e-xss-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/text-e-xss-vuln.html" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters."
{ }
"name" : "16035", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/16035" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "22067", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22067" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "16035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16035"
},
{
"name": "22067",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22067"
},
{
"name": "http://pridels0.blogspot.com/2005/12/text-e-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/text-e-xss-vuln.html"
}
]
}
} }

32
2005/4xxx/CVE-2005-4531.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-4531", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-4531",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users should reference CVE-2005-3345 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users should reference CVE-2005-3345 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

178
2005/4xxx/CVE-2005-4536.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-4536", "ID": "CVE-2005-4536",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029" "lang": "eng",
}, "value": "Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file."
{ }
"name" : "DSA-960", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2006/dsa-960" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16434", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16434" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0378", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0378" ]
}, },
{ "references": {
"name" : "18652", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18652" "name": "18652",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18652"
"name" : "18656", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18656" "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344029"
"name" : "perl-mail-audit-symlink(24380)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24380" "name": "DSA-960",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2006/dsa-960"
} },
{
"name": "ADV-2006-0378",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0378"
},
{
"name": "16434",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16434"
},
{
"name": "18656",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18656"
},
{
"name": "perl-mail-audit-symlink(24380)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24380"
}
]
}
} }

148
2009/0xxx/CVE-2009-0506.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0506", "ID": "CVE-2009-0506",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg27006876" "lang": "eng",
}, "value": "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 5.1 and 6.0.2 before 6.0.2.33 on z/OS, when CSIv2 Identity Assertion is enabled and Enterprise JavaBeans (EJB) interaction occurs between a WAS 6.1 instance and a WAS pre-6.1 instance, allows local users to have an unknown impact via vectors related to (1) use of the wrong subject and (2) multiple CBIND checks."
{ }
"name" : "PK71143", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK71143" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "33884", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/33884" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "websphere-zos-csiv2-unspecified(48886)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48886" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876"
},
{
"name": "33884",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33884"
},
{
"name": "PK71143",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK71143"
},
{
"name": "websphere-zos-csiv2-unspecified(48886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48886"
}
]
}
} }

128
2009/0xxx/CVE-2009-0514.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0514", "ID": "CVE-2009-0514",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8025", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8025" "lang": "eng",
}, "value": "Multiple directory traversal vulnerabilities in WebFrame 0.76 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) currentmod and (2) LANG parameters to mod/index.php."
{ }
"name" : "33701", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/33701" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8025",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8025"
},
{
"name": "33701",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33701"
}
]
}
} }

148
2009/0xxx/CVE-2009-0562.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2009-0562", "ID": "CVE-2009-0562",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger \"system state\" corruption, aka \"Office Web Components Memory Allocation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS09-043", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043" "lang": "eng",
}, "value": "The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger \"system state\" corruption, aka \"Office Web Components Memory Allocation Vulnerability.\""
{ }
"name" : "TA09-223A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-223A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:6337", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6337" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1022708", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1022708" ]
} },
] "references": {
} "reference_data": [
{
"name": "TA09-223A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
},
{
"name": "1022708",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022708"
},
{
"name": "oval:org.mitre.oval:def:6337",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6337"
},
{
"name": "MS09-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-043"
}
]
}
} }

138
2009/1xxx/CVE-2009-1167.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2009-1167", "ID": "CVE-2009-1167",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090727 Multiple Vulnerabilities in Cisco Wireless LAN Controllers", "description_data": [
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080adb3d7.shtml" "lang": "eng",
}, "value": "Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672."
{ }
"name" : "1022606", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id?1022606" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2009-2021", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2021" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1022606",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022606"
},
{
"name": "20090727 Multiple Vulnerabilities in Cisco Wireless LAN Controllers",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080adb3d7.shtml"
},
{
"name": "ADV-2009-2021",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2021"
}
]
}
} }

408
2009/1xxx/CVE-2009-1306.json
View File

@ -1,207 +1,207 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-1306", "ID": "CVE-2009-1306",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a \"Content-Disposition: attachment\" designation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-16.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-16.html" "lang": "eng",
}, "value": "The jar: URI implementation in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey does not follow the Content-Disposition header of the inner URI, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly other attacks via an uploaded .jar file with a \"Content-Disposition: attachment\" designation."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=474536", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=474536" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-1797", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1797" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2009-3875", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html" ]
}, },
{ "references": {
"name" : "MDVSA-2009:111", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111" "name": "MDVSA-2009:111",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
"name" : "MDVSA-2009:141", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141" "name": "oval:org.mitre.oval:def:6021",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6021"
"name" : "RHSA-2009:0436", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0436.html" "name": "FEDORA-2009-3875",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
"name" : "RHSA-2009:0437", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0437.html" "name": "34894",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34894"
"name" : "RHSA-2009:1125", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1125.html" "name": "oval:org.mitre.oval:def:6710",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6710"
"name" : "RHSA-2009:1126", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1126.html" "name": "ADV-2009-1125",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1125"
"name" : "264308", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1" "name": "oval:org.mitre.oval:def:10150",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10150"
"name" : "SUSE-SR:2009:010", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html" "name": "34758",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34758"
"name" : "USN-764-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/764-1/" "name": "35536",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35536"
"name" : "USN-782-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-782-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=474536",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=474536"
"name" : "34656", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34656" "name": "RHSA-2009:1125",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
"name" : "oval:org.mitre.oval:def:10150", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10150" "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-16.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-16.html"
"name" : "oval:org.mitre.oval:def:6021", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6021" "name": "34844",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34844"
"name" : "oval:org.mitre.oval:def:6194", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6194" "name": "USN-782-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/usn-782-1"
"name" : "oval:org.mitre.oval:def:6312", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6312" "name": "35065",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35065"
"name" : "oval:org.mitre.oval:def:6710", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6710" "name": "1022095",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022095"
"name" : "1022095", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022095" "name": "USN-764-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/764-1/"
"name" : "34758", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34758" "name": "MDVSA-2009:141",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
"name" : "34894", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34894" "name": "SUSE-SR:2009:010",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
"name" : "34843", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34843" "name": "oval:org.mitre.oval:def:6194",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6194"
"name" : "34844", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34844" "name": "35042",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35042"
"name" : "34780", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34780" "name": "34656",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34656"
"name" : "35065", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35065" "name": "34843",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34843"
"name" : "35042", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35042" "name": "DSA-1797",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1797"
"name" : "35536", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35536" "name": "RHSA-2009:0437",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2009-0437.html"
"name" : "ADV-2009-1125", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1125" "name": "RHSA-2009:0436",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
} },
{
"name": "RHSA-2009:1126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
},
{
"name": "34780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34780"
},
{
"name": "264308",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name": "oval:org.mitre.oval:def:6312",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6312"
}
]
}
} }

378
2009/1xxx/CVE-2009-1492.json
View File

@ -1,192 +1,192 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1492", "ID": "CVE-2009-1492",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8569", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8569" "lang": "eng",
}, "value": "The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments."
{ }
"name" : "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html", ]
"refsource" : "MISC", },
"url" : "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt", "description": [
"refsource" : "MISC", {
"url" : "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html", ]
"refsource" : "CONFIRM", }
"url" : "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html" ]
}, },
{ "references": {
"name" : "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html" "name": "8569",
}, "refsource": "EXPLOIT-DB",
{ "url": "https://www.exploit-db.com/exploits/8569"
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-06.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-06.html" "name": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html",
}, "refsource": "CONFIRM",
{ "url": "http://blogs.adobe.com/psirt/2009/05/adobe_reader_issue_update.html"
"name" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953", },
"refsource" : "CONFIRM", {
"url" : "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953" "name": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953",
}, "refsource": "CONFIRM",
{ "url": "http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=926953"
"name" : "GLSA-200907-06", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200907-06.xml" "name": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html",
}, "refsource": "MISC",
{ "url": "http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html"
"name" : "RHSA-2009:0478", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0478.html" "name": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html",
}, "refsource": "CONFIRM",
{ "url": "http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html"
"name" : "259028", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1" "name": "35734",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35734"
"name" : "SUSE-SA:2009:027", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html" "name": "TA09-133B",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA09-133B.html"
"name" : "SUSE-SR:2009:011", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html" "name": "ADV-2009-1189",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1189"
"name" : "TA09-133B", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133B.html" "name": "http://www.adobe.com/support/security/bulletins/apsb09-06.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.adobe.com/support/security/bulletins/apsb09-06.html"
"name" : "VU#970180", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/970180" "name": "SUSE-SR:2009:011",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
"name" : "34736", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34736" "name": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt",
}, "refsource": "MISC",
{ "url": "http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt"
"name" : "54130", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/54130" "name": "GLSA-200907-06",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200907-06.xml"
"name" : "1022139", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022139" "name": "259028",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1"
"name" : "34924", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34924" "name": "SUSE-SA:2009:027",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html"
"name" : "35096", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35096" "name": "34924",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34924"
"name" : "35055", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35055" "name": "ADV-2009-1317",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1317"
"name" : "35152", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35152" "name": "1022139",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022139"
"name" : "35358", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35358" "name": "35358",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35358"
"name" : "35416", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35416" "name": "35055",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35055"
"name" : "35734", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35734" "name": "VU#970180",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/970180"
"name" : "ADV-2009-1189", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1189" "name": "54130",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/54130"
"name" : "ADV-2009-1317", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1317" "name": "35416",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35416"
"name" : "reader-getannots-code-execution(50145)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50145" "name": "RHSA-2009:0478",
} "refsource": "REDHAT",
] "url": "http://www.redhat.com/support/errata/RHSA-2009-0478.html"
} },
{
"name": "35096",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35096"
},
{
"name": "35152",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35152"
},
{
"name": "34736",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34736"
},
{
"name": "reader-getannots-code-execution(50145)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50145"
}
]
}
} }

268
2009/1xxx/CVE-2009-1695.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1695", "ID": "CVE-2009-1695",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.apple.com/kb/HT3613", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT3613" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving access to frame contents after completion of a page transition."
{ }
"name" : "http://support.apple.com/kb/HT3639", ]
"refsource" : "CONFIRM", },
"url" : "http://support.apple.com/kb/HT3639" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2009-06-08-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2009-06-17-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html" ]
}, },
{ "references": {
"name" : "DSA-1950", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1950" "name": "1022344",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1022344"
"name" : "SUSE-SR:2011:002", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html" "name": "http://support.apple.com/kb/HT3639",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT3639"
"name" : "35260", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35260" "name": "43068",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/43068"
"name" : "35328", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35328" "name": "ADV-2009-1621",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1621"
"name" : "54991", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/54991" "name": "ADV-2011-0212",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2011/0212"
"name" : "1022344", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1022344" "name": "APPLE-SA-2009-06-08-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
"name" : "35379", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35379" "name": "35260",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35260"
"name" : "37746", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37746" "name": "35328",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35328"
"name" : "43068", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/43068" "name": "ADV-2009-1522",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1522"
"name" : "ADV-2009-1522", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1522" "name": "37746",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37746"
"name" : "ADV-2009-1621", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1621" "name": "APPLE-SA-2009-06-17-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
"name" : "ADV-2011-0212", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2011/0212" "name": "54991",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/54991"
} },
{
"name": "DSA-1950",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
}
]
}
} }

32
2009/3xxx/CVE-2009-3034.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2009-3034", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2009-3034",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
} }
] ]
} }
} }

148
2009/3xxx/CVE-2009-3202.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3202", "ID": "CVE-2009-3202",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0908-exploits/uloki-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0908-exploits/uloki-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP Forum 2.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter."
{ }
"name" : "57176", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/57176" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36407", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36407" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "uloki-search-xss(52611)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52611" ]
} },
] "references": {
} "reference_data": [
{
"name": "uloki-search-xss(52611)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52611"
},
{
"name": "36407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36407"
},
{
"name": "http://packetstormsecurity.org/0908-exploits/uloki-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0908-exploits/uloki-xss.txt"
},
{
"name": "57176",
"refsource": "OSVDB",
"url": "http://osvdb.org/57176"
}
]
}
} }

148
2009/4xxx/CVE-2009-4158.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4158", "ID": "CVE-2009-4158",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://typo3.org/extensions/repository/view/cal/1.2.1/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://typo3.org/extensions/repository/view/cal/1.2.1/" "lang": "eng",
}, "value": "SQL injection vulnerability in the Calendar Base (cal) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
{ }
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/", ]
"refsource" : "CONFIRM", },
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37164", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37164" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37549", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/37549" ]
} },
] "references": {
} "reference_data": [
{
"name": "http://typo3.org/extensions/repository/view/cal/1.2.1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/cal/1.2.1/"
},
{
"name": "37549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37549"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-019/"
},
{
"name": "37164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37164"
}
]
}
} }

188
2009/4xxx/CVE-2009-4246.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4246", "ID": "CVE-2009-4246",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20100121 ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/509104/100/0/threaded" "lang": "eng",
}, "value": "Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allows user-assisted remote attackers to execute arbitrary code via a malformed .RJS skin file that contains a web.xmb file with crafted length values."
{ }
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-10-010/", ]
"refsource" : "MISC", },
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-10-010/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://service.real.com/realplayer/security/01192010_player/en/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://service.real.com/realplayer/security/01192010_player/en/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37880", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/37880" ]
}, },
{ "references": {
"name" : "1023489", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023489" "name": "ADV-2010-0178",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0178"
"name" : "38218", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38218" "name": "realplayer-skin-bo(55799)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55799"
"name" : "ADV-2010-0178", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0178" "name": "1023489",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023489"
"name" : "realplayer-skin-bo(55799)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55799" "name": "http://service.real.com/realplayer/security/01192010_player/en/",
} "refsource": "CONFIRM",
] "url": "http://service.real.com/realplayer/security/01192010_player/en/"
} },
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-10-010/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-10-010/"
},
{
"name": "20100121 ZDI-10-010: RealNetworks RealPlayer Skin Parsing Remote Code Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509104/100/0/threaded"
},
{
"name": "38218",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38218"
},
{
"name": "37880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37880"
}
]
}
} }

138
2009/4xxx/CVE-2009-4371.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4371", "ID": "CVE-2009-4371",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with \"administer languages\" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.madirish.net/?article=442", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.madirish.net/?article=442" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Locale module (modules/locale/locale.module) in Drupal Core 6.14, and possibly other versions including 6.15, allows remote authenticated users with \"administer languages\" permissions to inject arbitrary web script or HTML via the (1) Language name in English or (2) Native language name fields in the Custom language form."
{ }
"name" : "37825", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/37825" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "drupal-locale-xss(54873)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54873" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "drupal-locale-xss(54873)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54873"
},
{
"name": "37825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37825"
},
{
"name": "http://www.madirish.net/?article=442",
"refsource": "MISC",
"url": "http://www.madirish.net/?article=442"
}
]
}
} }

168
2009/4xxx/CVE-2009-4429.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4429", "ID": "CVE-2009-4429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with \"administer sections\" privileges to inject arbitrary web script or HTML via a section name (aka the Name field)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.madirish.net/?article=440", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.madirish.net/?article=440" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Sections module 5.x before 5.x-1.3 and 6.x before 6.x-1.3 for Drupal allows remote authenticated users with \"administer sections\" privileges to inject arbitrary web script or HTML via a section name (aka the Name field)."
{ }
"name" : "http://drupal.org/node/661404", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/node/661404" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37371", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37371" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "61107", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/61107" ]
}, },
{ "references": {
"name" : "37752", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37752" "name": "37371",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37371"
"name" : "sections-sections-xss(54860)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54860" "name": "61107",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/61107"
} },
{
"name": "37752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37752"
},
{
"name": "http://www.madirish.net/?article=440",
"refsource": "MISC",
"url": "http://www.madirish.net/?article=440"
},
{
"name": "sections-sections-xss(54860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54860"
},
{
"name": "http://drupal.org/node/661404",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/661404"
}
]
}
} }

168
2009/4xxx/CVE-2009-4823.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4823", "ID": "CVE-2009-4823",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "10519", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/10519" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in frontend/x3/files/fileop.html in cPanel 11.0 through 11.24.7 allows remote attackers to inject arbitrary web script or HTML via the fileop parameter."
{ }
"name" : "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37394", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37394" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "61231", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/61231" ]
}, },
{ "references": {
"name" : "37826", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37826" "name": "37826",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37826"
"name" : "ADV-2009-3608", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3608" "name": "10519",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/10519"
} },
{
"name": "ADV-2009-3608",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3608"
},
{
"name": "37394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37394"
},
{
"name": "61231",
"refsource": "OSVDB",
"url": "http://osvdb.org/61231"
},
{
"name": "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html",
"refsource": "CONFIRM",
"url": "http://www.cpanel.net/2009/12/cpanel-cross-site-scripting-vulnerability.html"
}
]
}
} }

32
2012/2xxx/CVE-2012-2254.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-2254", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-2254",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

188
2012/2xxx/CVE-2012-2318.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2318", "ID": "CVE-2012-2318",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4" "lang": "eng",
}, "value": "msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 does not properly handle crafted characters, which allows remote servers to cause a denial of service (application crash) by placing these characters in a text/plain message."
{ }
"name" : "http://pidgin.im/news/security/?id=63", ]
"refsource" : "CONFIRM", },
"url" : "http://pidgin.im/news/security/?id=63" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2012:082", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:1102", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1102.html" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2012:0866", "reference_data": [
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/15136503" "name": "53400",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/53400"
"name" : "53400", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/53400" "name": "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4",
}, "refsource": "CONFIRM",
{ "url": "http://hg.pidgin.im/pidgin/main/rev/4d6bcb4f4ea4"
"name" : "oval:org.mitre.oval:def:17448", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448" "name": "http://pidgin.im/news/security/?id=63",
}, "refsource": "CONFIRM",
{ "url": "http://pidgin.im/news/security/?id=63"
"name" : "50005", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50005" "name": "MDVSA-2012:082",
} "refsource": "MANDRIVA",
] "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:082"
} },
{
"name": "oval:org.mitre.oval:def:17448",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17448"
},
{
"name": "50005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50005"
},
{
"name": "openSUSE-SU-2012:0866",
"refsource": "SUSE",
"url": "https://hermes.opensuse.org/messages/15136503"
},
{
"name": "RHSA-2012:1102",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1102.html"
}
]
}
} }

178
2012/2xxx/CVE-2012-2390.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-2390", "ID": "CVE-2012-2390",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20120523 Re: CVE Request -- kernel: huge pages: memory leak on mmap failure", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2012/05/23/14" "lang": "eng",
}, "value": "Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows local users to cause a denial of service (memory consumption or system crash) via invalid MAP_HUGETLB mmap operations."
{ }
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c50ac050811d6485616a193eb0f37bfbd191cc89", ]
"refsource" : "CONFIRM", },
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c50ac050811d6485616a193eb0f37bfbd191cc89" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=824345", ]
"refsource" : "CONFIRM", }
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=824345" ]
}, },
{ "references": {
"name" : "https://github.com/torvalds/linux/commit/c50ac050811d6485616a193eb0f37bfbd191cc89", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/c50ac050811d6485616a193eb0f37bfbd191cc89" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c50ac050811d6485616a193eb0f37bfbd191cc89",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=c50ac050811d6485616a193eb0f37bfbd191cc89"
"name" : "USN-1515-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1515-1" "name": "USN-1515-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-1515-1"
"name" : "USN-1535-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1535-1" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=824345",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.redhat.com/show_bug.cgi?id=824345"
} },
{
"name": "USN-1535-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1535-1"
},
{
"name": "[oss-security] 20120523 Re: CVE Request -- kernel: huge pages: memory leak on mmap failure",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/23/14"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.2"
},
{
"name": "https://github.com/torvalds/linux/commit/c50ac050811d6485616a193eb0f37bfbd191cc89",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/c50ac050811d6485616a193eb0f37bfbd191cc89"
}
]
}
} }

198
2012/2xxx/CVE-2012-2520.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2012-2520", "ID": "CVE-2012-2520",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS12-066", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka \"HTML Sanitization Vulnerability.\""
{ }
"name" : "TA12-283A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-283A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "55797", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/55797" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:14976", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976" ]
}, },
{ "references": {
"name" : "1027625", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027625" "name": "55797",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/55797"
"name" : "1027627", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027627" "name": "oval:org.mitre.oval:def:14976",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14976"
"name" : "1027628", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027628" "name": "1027628",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027628"
"name" : "1027629", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027629" "name": "1027626",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1027626"
"name" : "1027626", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1027626" "name": "1027629",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id?1027629"
} },
{
"name": "1027627",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027627"
},
{
"name": "TA12-283A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-283A.html"
},
{
"name": "MS12-066",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-066"
},
{
"name": "1027625",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027625"
}
]
}
} }

188
2012/2xxx/CVE-2012-2831.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2012-2831", "ID": "CVE-2012-2831",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://code.google.com/p/chromium/issues/detail?id=130356", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://code.google.com/p/chromium/issues/detail?id=130356" "lang": "eng",
}, "value": "Use-after-free vulnerability in Google Chrome before 20.0.1132.43 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG references."
{ }
"name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html", ]
"refsource" : "CONFIRM", },
"url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT5485", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT5485" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.apple.com/kb/HT5502", ]
"refsource" : "CONFIRM", }
"url" : "http://support.apple.com/kb/HT5502" ]
}, },
{ "references": {
"name" : "APPLE-SA-2012-09-12-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html" "name": "APPLE-SA-2012-09-19-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
"name" : "APPLE-SA-2012-09-19-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html" "name": "openSUSE-SU-2012:0813",
}, "refsource": "SUSE",
{ "url": "https://hermes.opensuse.org/messages/15075728"
"name" : "openSUSE-SU-2012:0813", },
"refsource" : "SUSE", {
"url" : "https://hermes.opensuse.org/messages/15075728" "name": "http://support.apple.com/kb/HT5485",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT5485"
"name" : "oval:org.mitre.oval:def:14708", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14708" "name": "http://support.apple.com/kb/HT5502",
} "refsource": "CONFIRM",
] "url": "http://support.apple.com/kb/HT5502"
} },
{
"name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=130356",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=130356"
},
{
"name": "oval:org.mitre.oval:def:14708",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14708"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
}
]
}
} }

158
2012/2xxx/CVE-2012-2905.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-2905", "ID": "CVE-2012-2905",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18889", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/18889" "lang": "eng",
}, "value": "Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable names under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request."
{ }
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5091.php", ]
"refsource" : "MISC", },
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5091.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "81991", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/81991" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "49195", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/49195" ]
}, },
{ "references": {
"name" : "artiphp-database-info-disclosure(75690)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75690" "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5091.php",
} "refsource": "MISC",
] "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5091.php"
} },
{
"name": "artiphp-database-info-disclosure(75690)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75690"
},
{
"name": "81991",
"refsource": "OSVDB",
"url": "http://osvdb.org/81991"
},
{
"name": "49195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49195"
},
{
"name": "18889",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18889"
}
]
}
} }

32
2012/3xxx/CVE-2012-3858.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3858", "ID": "CVE-2012-3858",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

268
2012/3xxx/CVE-2012-3994.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-3994", "ID": "CVE-2012-3994",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-82.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-82.html" "lang": "eng",
}, "value": "Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before 2.13 allow remote attackers to conduct cross-site scripting (XSS) attacks via a binary plugin that uses Object.defineProperty to shadow the top object, and leverages the relationship between top.location and the location property."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=765527", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=765527" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "MDVSA-2012:163", "description": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2012:1351", ]
"refsource" : "REDHAT", }
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1351.html" ]
}, },
{ "references": {
"name" : "SUSE-SU-2012:1351", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html" "name": "50904",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50904"
"name" : "USN-1611-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-1611-1" "name": "50984",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50984"
"name" : "56118", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/56118" "name": "50935",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50935"
"name" : "86110", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/86110" "name": "86110",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/86110"
"name" : "oval:org.mitre.oval:def:16798", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16798" "name": "50856",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50856"
"name" : "50856", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50856" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=765527",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=765527"
"name" : "50892", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50892" "name": "50892",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50892"
"name" : "50904", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50904" "name": "56118",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/56118"
"name" : "50935", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50935" "name": "RHSA-2012:1351",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2012-1351.html"
"name" : "50936", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50936" "name": "50936",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/50936"
"name" : "50984", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/50984" "name": "55318",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/55318"
"name" : "55318", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/55318" "name": "SUSE-SU-2012:1351",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00010.html"
} },
{
"name": "MDVSA-2012:163",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:163"
},
{
"name": "oval:org.mitre.oval:def:16798",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16798"
},
{
"name": "USN-1611-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1611-1"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-82.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-82.html"
}
]
}
} }

138
2012/6xxx/CVE-2012-6043.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6043", "ID": "CVE-2012-6043",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/files/view/108542/phpfusion70204-xss.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/files/view/108542/phpfusion70204-xss.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter."
{ }
"name" : "51365", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/51365" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "phpfusion-downloads-xss(72311)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/72311" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "phpfusion-downloads-xss(72311)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72311"
},
{
"name": "51365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51365"
},
{
"name": "http://packetstormsecurity.org/files/view/108542/phpfusion70204-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/view/108542/phpfusion70204-xss.txt"
}
]
}
} }

148
2012/6xxx/CVE-2012-6143.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2012-6143", "ID": "CVE-2012-6143",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20130514 Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules", "description_data": [
"refsource" : "MLIST", {
"url" : "http://seclists.org/oss-sec/2013/q2/318" "lang": "eng",
}, "value": "Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it is deserialized."
{ }
"name" : "https://rt.cpan.org/Public/Bug/Display.html?id=85217", ]
"refsource" : "MISC", },
"url" : "https://rt.cpan.org/Public/Bug/Display.html?id=85217" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "59834", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/59834" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "spoon-cve20126143-sec-bypass(84197)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/84197" ]
} },
] "references": {
} "reference_data": [
{
"name": "spoon-cve20126143-sec-bypass(84197)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84197"
},
{
"name": "[oss-security] 20130514 Re: CVE Request: Storable::thaw called on cookie data in multiple CPAN modules",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q2/318"
},
{
"name": "59834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/59834"
},
{
"name": "https://rt.cpan.org/Public/Bug/Display.html?id=85217",
"refsource": "MISC",
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=85217"
}
]
}
} }

32
2012/6xxx/CVE-2012-6376.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6376", "ID": "CVE-2012-6376",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

208
2015/1xxx/CVE-2015-1277.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2015-1277", "ID": "CVE-2015-1277",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html" "lang": "eng",
}, "value": "Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=479743", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=479743" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://codereview.chromium.org/1144363004/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://codereview.chromium.org/1144363004/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://codereview.chromium.org/1151393006/", ]
"refsource" : "CONFIRM", }
"url" : "https://codereview.chromium.org/1151393006/" ]
}, },
{ "references": {
"name" : "DSA-3315", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3315" "name": "https://code.google.com/p/chromium/issues/detail?id=479743",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/chromium/issues/detail?id=479743"
"name" : "GLSA-201603-09", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201603-09" "name": "RHSA-2015:1499",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
"name" : "RHSA-2015:1499", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html" "name": "openSUSE-SU-2015:1287",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
"name" : "openSUSE-SU-2015:1287", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html" "name": "1033031",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033031"
"name" : "75973", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75973" "name": "https://codereview.chromium.org/1144363004/",
}, "refsource": "CONFIRM",
{ "url": "https://codereview.chromium.org/1144363004/"
"name" : "1033031", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033031" "name": "GLSA-201603-09",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201603-09"
} },
{
"name": "https://codereview.chromium.org/1151393006/",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1151393006/"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
} }

32
2015/1xxx/CVE-2015-1524.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1524", "ID": "CVE-2015-1524",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2015/1xxx/CVE-2015-1997.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1997", "ID": "CVE-2015-1997",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21970140", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21970140" "lang": "eng",
} "value": "Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar Vulnerability Manager 7.2.x before 7.2.5 Patch 5 allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21970140",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21970140"
}
]
}
} }

258
2015/5xxx/CVE-2015-5123.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2015-5123", "ID": "CVE-2015-5123",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/", "description_data": [
"refsource" : "MISC", {
"url" : "http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/" "lang": "eng",
}, "value": "Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that overrides a valueOf function, as exploited in the wild in July 2015."
{ }
"name" : "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html", ]
"refsource" : "CONFIRM", },
"url" : "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201508-01", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201508-01" ]
}, },
{ "references": {
"name" : "HPSBHF03509", "reference_data": [
"refsource" : "HP", {
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784" "name": "1032890",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1032890"
"name" : "SSRT102253", },
"refsource" : "HP", {
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784" "name": "SUSE-SU-2015:1255",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html"
"name" : "HPSBMU03409", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" "name": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/",
}, "refsource": "MISC",
{ "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/new-zero-day-vulnerability-cve-2015-5123-in-adobe-flash-emerges-from-hacking-team-leak/"
"name" : "RHSA-2015:1235", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1235.html" "name": "HPSBMU03409",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
"name" : "SUSE-SU-2015:1255", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html" "name": "TA15-195A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/ncas/alerts/TA15-195A"
"name" : "SUSE-SU-2015:1258", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html" "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html",
}, "refsource": "CONFIRM",
{ "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html"
"name" : "openSUSE-SU-2015:1267", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html" "name": "VU#918568",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/918568"
"name" : "TA15-195A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/ncas/alerts/TA15-195A" "name": "SUSE-SU-2015:1258",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html"
"name" : "VU#918568", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/918568" "name": "GLSA-201508-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201508-01"
"name" : "75710", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75710" "name": "HPSBHF03509",
}, "refsource": "HP",
{ "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"
"name" : "1032890", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032890" "name": "RHSA-2015:1235",
} "refsource": "REDHAT",
] "url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html"
} },
{
"name": "SSRT102253",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"
},
{
"name": "75710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75710"
},
{
"name": "openSUSE-SU-2015:1267",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html"
}
]
}
} }

32
2015/5xxx/CVE-2015-5393.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5393", "ID": "CVE-2015-5393",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2015/5xxx/CVE-2015-5989.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2015-5989", "ID": "CVE-2015-5989",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#201168", "description_data": [
"refsource" : "CERT-VN", {
"url" : "https://www.kb.cert.org/vuls/id/201168" "lang": "eng",
} "value": "Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#201168",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/201168"
}
]
}
} }

138
2018/11xxx/CVE-2018-11189.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11189", "ID": "CVE-2018-11189",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2018/May/71" "lang": "eng",
}, "value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows privilege escalation (issue 1 of 6)."
{ }
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
} }

32
2018/11xxx/CVE-2018-11661.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11661", "ID": "CVE-2018-11661",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

138
2018/11xxx/CVE-2018-11818.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11818", "ID": "CVE-2018-11818",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android", "product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All Android releases from CAF using the Linux kernel" "version_value": "All Android releases from CAF using the Linux kernel"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use After Free in Display"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7d1e40be0f7da526f1109005383aa55f5646fc13", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7d1e40be0f7da526f1109005383aa55f5646fc13" "lang": "eng",
}, "value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition."
{ }
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=999bfde119d881a09218eb045d41fb83e67f0d10", ]
"refsource" : "CONFIRM", },
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=999bfde119d881a09218eb045d41fb83e67f0d10" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin" "lang": "eng",
} "value": "Use After Free in Display"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7d1e40be0f7da526f1109005383aa55f5646fc13",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7d1e40be0f7da526f1109005383aa55f5646fc13"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=999bfde119d881a09218eb045d41fb83e67f0d10",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=999bfde119d881a09218eb045d41fb83e67f0d10"
}
]
}
} }

128
2018/11xxx/CVE-2018-11918.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"ID" : "CVE-2018-11918", "ID": "CVE-2018-11918",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=5ca16318bf1a409e9e5c169dc5b7f0821e5323d7", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=5ca16318bf1a409e9e5c169dc5b7f0821e5323d7" "lang": "eng",
}, "value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated is automatically released by the kernel if the 'probe' function fails with an error code."
{ }
"name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin", ]
"refsource" : "CONFIRM", },
"url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=5ca16318bf1a409e9e5c169dc5b7f0821e5323d7",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=5ca16318bf1a409e9e5c169dc5b7f0821e5323d7"
}
]
}
} }

118
2018/15xxx/CVE-2018-15318.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "f5sirt@f5.com", "ASSIGNER": "f5sirt@f5.com",
"ID" : "CVE-2018-15318", "ID": "CVE-2018-15318",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)", "product_name": "BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, FPS, GTM, Link Controller, PEM, WebAccelerator)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, 12.1.3.4-12.1.3.6" "version_value": "14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, 12.1.3.4-12.1.3.6"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "F5 Networks, Inc." "vendor_name": "F5 Networks, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "DoS"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.f5.com/csp/article/K16248201", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.f5.com/csp/article/K16248201" "lang": "eng",
} "value": "In BIG-IP 14.0.0-14.0.0.2, 13.1.0.4-13.1.1.1, or 12.1.3.4-12.1.3.6, If an MPTCP connection receives an abort signal while the initial flow is not the primary flow, the initial flow will remain after the closing procedure is complete. TMM may restart and produce a core file as a result of this condition."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "DoS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.f5.com/csp/article/K16248201",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K16248201"
}
]
}
} }

164
2018/15xxx/CVE-2018-15405.json
View File

@ -1,85 +1,85 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@cisco.com", "ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC" : "2018-10-03T16:00:00-0500", "DATE_PUBLIC": "2018-10-03T16:00:00-0500",
"ID" : "CVE-2018-15405", "ID": "CVE-2018-15405",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability" "TITLE": "Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Cisco Unified Computing System Director ", "product_name": "Cisco Unified Computing System Director ",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Cisco" "vendor_name": "Cisco"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks."
}
]
},
"impact" : {
"cvss" : {
"baseScore" : "6.5",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20181003 Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-id" "lang": "eng",
}, "value": "A vulnerability in the web interface for specific feature sets of Cisco Integrated Management Controller (IMC) Supervisor and Cisco UCS Director could allow an authenticated, remote attacker to access sensitive information. The vulnerability is due to an authorization check that does not properly include the access level of the web interface user. An attacker who has valid application credentials could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to view sensitive information that belongs to other users. The attacker could then use this information to conduct additional reconnaissance attacks."
{ }
"name" : "1041779", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041779" "impact": {
} "cvss": {
] "baseScore": "6.5",
}, "version": "3.0"
"source" : { }
"advisory" : "cisco-sa-20181003-imcs-ucsd-id", },
"defect" : [ "problemtype": {
[ "problemtype_data": [
"CSCvj95420", {
"CSCvk10260" "description": [
] {
], "lang": "eng",
"discovery" : "UNKNOWN" "value": "CWE-285"
} }
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041779",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041779"
},
{
"name": "20181003 Cisco Integrated Management Controller Supervisor and Cisco UCS Director Authenticated Web Interface Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-imcs-ucsd-id"
}
]
},
"source": {
"advisory": "cisco-sa-20181003-imcs-ucsd-id",
"defect": [
[
"CSCvj95420",
"CSCvk10260"
]
],
"discovery": "UNKNOWN"
}
} }

138
2018/15xxx/CVE-2018-15947.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@adobe.com", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2018-15947", "ID": "CVE-2018-15947",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Adobe Acrobat and Reader", "product_name": "Adobe Acrobat and Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions" "version_value": "2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Adobe" "vendor_name": "Adobe"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-bounds read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html" "lang": "eng",
}, "value": "Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011.30102 and earlier, and 2015.006.30452 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
{ }
"name" : "105439", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105439" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041809", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041809" "lang": "eng",
} "value": "Out-of-bounds read"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1041809",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041809"
},
{
"name": "105439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105439"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-30.html"
}
]
}
} }

140
2018/3xxx/CVE-2018-3088.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3088", "ID": "CVE-2018-3088",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "VM VirtualBox", "product_name": "VM VirtualBox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "5.2.16" "version_value": "5.2.16"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)."
{ }
"name" : "104764", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104764" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041296", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041296" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104764"
},
{
"name": "1041296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041296"
}
]
}
} }

140
2018/3xxx/CVE-2018-3273.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3273", "ID": "CVE-2018-3273",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Solaris Operating System", "product_name": "Solaris Operating System",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "11.3" "version_value": "11.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Remote Administration Daemon (RAD)). The supported version that is affected is 11.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N)."
{ }
"name" : "105604", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105604" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041895", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041895" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Solaris accessible data as well as unauthorized access to critical data or complete access to all Solaris accessible data."
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1041895",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041895"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105604"
}
]
}
} }

32
2018/3xxx/CVE-2018-3353.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3353", "ID": "CVE-2018-3353",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

32
2018/3xxx/CVE-2018-3558.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3558", "ID": "CVE-2018-3558",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

118
2018/8xxx/CVE-2018-8049.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8049", "ID": "CVE-2018-8049",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=48", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=48" "lang": "eng",
} "value": "The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before 3.0.1999, 3.1.x, 3.2.x before 3.2.030, and 3.3.x before 3.3.016, when running on Linux and AIX, allows remote attackers to cause a denial of service (crash) via crafted packets."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=48",
"refsource": "CONFIRM",
"url": "http://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=48"
}
]
}
} }

128
2018/8xxx/CVE-2018-8099.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8099", "ID": "CVE-2018-8099",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe" "lang": "eng",
}, "value": "Incorrect returning of an error code in the index.c:read_entry() function leads to a double free in libgit2 before v0.26.2, which allows an attacker to cause a denial of service via a crafted repository index file."
{ }
"name" : "https://libgit2.github.com/security/", ]
"refsource" : "CONFIRM", },
"url" : "https://libgit2.github.com/security/" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://libgit2.github.com/security/",
"refsource": "CONFIRM",
"url": "https://libgit2.github.com/security/"
},
{
"name": "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe",
"refsource": "CONFIRM",
"url": "https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe"
}
]
}
} }

466
2018/8xxx/CVE-2018-8562.json
View File

@ -1,236 +1,236 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8562", "ID": "CVE-2018-8562",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Windows 7", "product_name": "Windows 7",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 1" "version_value": "32-bit Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012 R2", "product_name": "Windows Server 2012 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows RT 8.1", "product_name": "Windows RT 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows RT 8.1" "version_value": "Windows RT 8.1"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008", "product_name": "Windows Server 2008",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems Service Pack 2" "version_value": "32-bit Systems Service Pack 2"
}, },
{ {
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)" "version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
}, },
{ {
"version_value" : "Itanium-Based Systems Service Pack 2" "version_value": "Itanium-Based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2" "version_value": "x64-based Systems Service Pack 2"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)" "version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2019", "product_name": "Windows Server 2019",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2012", "product_name": "Windows Server 2012",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 8.1", "product_name": "Windows 8.1",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit systems" "version_value": "32-bit systems"
}, },
{ {
"version_value" : "x64-based systems" "version_value": "x64-based systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2016", "product_name": "Windows Server 2016",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "(Server Core installation)" "version_value": "(Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows Server 2008 R2", "product_name": "Windows Server 2008 R2",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Itanium-Based Systems Service Pack 1" "version_value": "Itanium-Based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1" "version_value": "x64-based Systems Service Pack 1"
}, },
{ {
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)" "version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10", "product_name": "Windows 10",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "32-bit Systems" "version_value": "32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for 32-bit Systems" "version_value": "Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1607 for x64-based Systems" "version_value": "Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1703 for 32-bit Systems" "version_value": "Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1703 for x64-based Systems" "version_value": "Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for 32-bit Systems" "version_value": "Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1709 for ARM64-based Systems" "version_value": "Version 1709 for ARM64-based Systems"
}, },
{ {
"version_value" : "Version 1709 for x64-based Systems" "version_value": "Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for 32-bit Systems" "version_value": "Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1803 for ARM64-based Systems" "version_value": "Version 1803 for ARM64-based Systems"
}, },
{ {
"version_value" : "Version 1803 for x64-based Systems" "version_value": "Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Version 1809 for 32-bit Systems" "version_value": "Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "Version 1809 for ARM64-based Systems" "version_value": "Version 1809 for ARM64-based Systems"
}, },
{ {
"version_value" : "Version 1809 for x64-based Systems" "version_value": "Version 1809 for x64-based Systems"
}, },
{ {
"version_value" : "x64-based Systems" "version_value": "x64-based Systems"
} }
] ]
} }
}, },
{ {
"product_name" : "Windows 10 Servers", "product_name": "Windows 10 Servers",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "version 1709 (Server Core Installation)" "version_value": "version 1709 (Server Core Installation)"
}, },
{ {
"version_value" : "version 1803 (Server Core Installation)" "version_value": "version 1803 (Server Core Installation)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8562", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8562" "lang": "eng",
}, "value": "An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka \"Win32k Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
{ }
"name" : "105790", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105790" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8562",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8562"
},
{
"name": "105790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105790"
}
]
}
} }

170
2018/8xxx/CVE-2018-8791.json
View File

@ -1,88 +1,88 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@checkpoint.com", "ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC" : "2019-02-05T00:00:00", "DATE_PUBLIC": "2019-02-05T00:00:00",
"ID" : "CVE-2018-8791", "ID": "CVE-2018-8791",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "rdesktop", "product_name": "rdesktop",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions up to and including v1.8.3" "version_value": "All versions up to and including v1.8.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Check Point Software Technologies Ltd." "vendor_name": "Check Point Software Technologies Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-126: Buffer Over-read"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html" "lang": "eng",
}, "value": "rdesktop versions up to and including v1.8.3 contain an Out-Of-Bounds Read in function rdpdr_process() that results in an information leak."
{ }
"name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/", ]
"refsource" : "CONFIRM", },
"url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1", "description": [
"refsource" : "MISC", {
"url" : "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1" "lang": "eng",
}, "value": "CWE-126: Buffer Over-read"
{ }
"name" : "DSA-4394", ]
"refsource" : "DEBIAN", }
"url" : "https://www.debian.org/security/2019/dsa-4394" ]
}, },
{ "references": {
"name" : "GLSA-201903-06", "reference_data": [
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201903-06" "name": "106938",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/106938"
"name" : "106938", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/106938" "name": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1",
} "refsource": "MISC",
] "url": "https://github.com/rdesktop/rdesktop/commit/4dca546d04321a610c1835010b5dad85163b65e1"
} },
{
"name": "GLSA-201903-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201903-06"
},
{
"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource": "CONFIRM",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name": "DSA-4394",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4394"
},
{
"name": "[debian-lts-announce] 20190219 [SECURITY] [DLA 1683-1] rdesktop security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/02/msg00030.html"
}
]
}
} }