admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:18:59 +00:00
parent 6fd97d2092
commit 441322f3d6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3994 additions and 3994 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2005/0xxx/CVE-2005-0578.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/mfsa2005-28.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/mfsa2005-28.html"
},
{
"name" : "GLSA-200503-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name" : "GLSA-200503-30",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name" : "RHSA-2005:176",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name" : "RHSA-2005:384",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name" : "12659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12659"
},
{
"name" : "oval:org.mitre.oval:def:10954",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12659"
},
{
"name": "http://www.mozilla.org/security/announce/mfsa2005-28.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/mfsa2005-28.html"
},
{
"name": "RHSA-2005:176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "RHSA-2005:384",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-384.html"
},
{
"name": "GLSA-200503-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "oval:org.mitre.oval:def:10954",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10954"
}
]
}
}

170
2005/2xxx/CVE-2005-2344.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to cause a denial of service via a malformed Portable Network Graphics (PNG) file that triggers a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2005-2344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#646976",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/646976"
},
{
"name" : "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167794",
"refsource" : "CONFIRM",
"url" : "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167794"
},
{
"name" : "16204",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16204"
},
{
"name" : "ADV-2006-0127",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0127"
},
{
"name" : "18393",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18393"
},
{
"name" : "blackberry-attachment-png-bo(24063)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24063"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to cause a denial of service via a malformed Portable Network Graphics (PNG) file that triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18393",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18393"
},
{
"name": "blackberry-attachment-png-bo(24063)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24063"
},
{
"name": "16204",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16204"
},
{
"name": "ADV-2006-0127",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0127"
},
{
"name": "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167794",
"refsource": "CONFIRM",
"url": "http://www.blackberry.com/knowledgecenterpublic/livelink.exe/fetch/2000/8021/728075/728850/728215/?nodeid=1167794"
},
{
"name": "VU#646976",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/646976"
}
]
}
}

140
2005/2xxx/CVE-2005-2377.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MDKSA-2005:121",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:121"
},
{
"name" : "http://qa.mandriva.com/show_bug.cgi?id=13271",
"refsource" : "MISC",
"url" : "http://qa.mandriva.com/show_bug.cgi?id=13271"
},
{
"name" : "nssldap-sigpipe-dos(40501)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/40501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nssldap-sigpipe-dos(40501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/40501"
},
{
"name": "http://qa.mandriva.com/show_bug.cgi?id=13271",
"refsource": "MISC",
"url": "http://qa.mandriva.com/show_bug.cgi?id=13271"
},
{
"name": "MDKSA-2005:121",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:121"
}
]
}
}

220
2005/2xxx/CVE-2005-2804.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112784386426802&w=2"
},
{
"name" : "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html"
},
{
"name" : "20050927 Re: [ISR] - Novell GroupWise Client Integer Overflow",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0763.html"
},
{
"name" : "http://www.infobyte.com.ar/adv/ISR-13.html",
"refsource" : "MISC",
"url" : "http://www.infobyte.com.ar/adv/ISR-13.html"
},
{
"name" : "http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType=%20c&externalId=10098814html&sliceId=&dialogID=717171",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType=%20c&externalId=10098814html&sliceId=&dialogID=717171"
},
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm"
},
{
"name" : "14952",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14952"
},
{
"name" : "19862",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19862"
},
{
"name" : "1014977",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014977"
},
{
"name" : "28",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/28"
},
{
"name" : "novell-groupwise-port-number-overflow(22419)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22419"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the registry parsing code in GroupWise 6.5.3, and possibly earlier version, allows remote attackers to cause a denial of service (application crash) via a large TCP/IP port in the Windows registry key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050927 Re: [ISR] - Novell GroupWise Client Integer Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0763.html"
},
{
"name": "19862",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19862"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/10098814.htm"
},
{
"name": "http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType=%20c&externalId=10098814html&sliceId=&dialogID=717171",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/search/search.do?cmd=displayKC&docType=%20c&externalId=10098814html&sliceId=&dialogID=717171"
},
{
"name": "novell-groupwise-port-number-overflow(22419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22419"
},
{
"name": "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-September/037442.html"
},
{
"name": "http://www.infobyte.com.ar/adv/ISR-13.html",
"refsource": "MISC",
"url": "http://www.infobyte.com.ar/adv/ISR-13.html"
},
{
"name": "1014977",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014977"
},
{
"name": "14952",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14952"
},
{
"name": "20050927 [ISR] - Novell GroupWise Client Integer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112784386426802&w=2"
},
{
"name": "28",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/28"
}
]
}
}

190
2005/2xxx/CVE-2005-2918.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050915 gtkdiskfree insecure temporary file creation",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112680706715109&w=2"
},
{
"name" : "http://www.zataz.net/adviso/gtkdiskfree-09052005.txt",
"refsource" : "MISC",
"url" : "http://www.zataz.net/adviso/gtkdiskfree-09052005.txt"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=104565",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=104565"
},
{
"name" : "DSA-822",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-822"
},
{
"name" : "GLSA-200510-01",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-01.xml"
},
{
"name" : "17005",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17005"
},
{
"name" : "16951",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16951"
},
{
"name" : "17056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17056"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050915 gtkdiskfree insecure temporary file creation",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112680706715109&w=2"
},
{
"name": "17056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17056"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=104565",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=104565"
},
{
"name": "GLSA-200510-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-01.xml"
},
{
"name": "16951",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16951"
},
{
"name": "http://www.zataz.net/adviso/gtkdiskfree-09052005.txt",
"refsource": "MISC",
"url": "http://www.zataz.net/adviso/gtkdiskfree-09052005.txt"
},
{
"name": "DSA-822",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-822"
},
{
"name": "17005",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17005"
}
]
}
}

220
2005/3xxx/CVE-2005-3106.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3106",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3106",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c",
"refsource" : "CONFIRM",
"url" : "http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c"
},
{
"name" : "DSA-922",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-922"
},
{
"name" : "FLSA:157459-3",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
},
{
"name" : "MDKSA-2006:072",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072"
},
{
"name" : "RHSA-2006:0101",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
},
{
"name" : "USN-199-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-199-1"
},
{
"name" : "15049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15049"
},
{
"name" : "oval:org.mitre.oval:def:9108",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9108"
},
{
"name" : "18056",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18056"
},
{
"name" : "18510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18510"
},
{
"name" : "17141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17141"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9108",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9108"
},
{
"name": "18056",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18056"
},
{
"name": "RHSA-2006:0101",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0101.html"
},
{
"name": "http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c",
"refsource": "CONFIRM",
"url": "http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c@1.156?nav=index.html|src/|src/fs|hist/fs/exec.c"
},
{
"name": "DSA-922",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-922"
},
{
"name": "15049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15049"
},
{
"name": "18510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18510"
},
{
"name": "17141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17141"
},
{
"name": "USN-199-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-199-1"
},
{
"name": "MDKSA-2006:072",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:072"
},
{
"name": "FLSA:157459-3",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427980/100/0/threaded"
}
]
}
}

180
2005/3xxx/CVE-2005-3284.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051013 Secunia Research: AhnLab V3 Antivirus ALZ/UUE/XXE Archive HandlingBuffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/413260"
},
{
"name" : "http://secunia.com/secunia_research/2005-48/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-48/advisory/"
},
{
"name" : "http://global.ahnlab.com/security/security_advisory002.html",
"refsource" : "CONFIRM",
"url" : "http://global.ahnlab.com/security/security_advisory002.html"
},
{
"name" : "15091",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15091"
},
{
"name" : "19955",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19955"
},
{
"name" : "16851",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16851"
},
{
"name" : "80",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/80"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0.0.488, V3Net for Windows Server 6.0 before 6.0.0.488, and MyV3, with compressed file scanning enabled, allow remote attackers to execute arbitrary code via crafted (1) ALZ, (2) UUE, or (3) XXE archives."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://global.ahnlab.com/security/security_advisory002.html",
"refsource": "CONFIRM",
"url": "http://global.ahnlab.com/security/security_advisory002.html"
},
{
"name": "20051013 Secunia Research: AhnLab V3 Antivirus ALZ/UUE/XXE Archive HandlingBuffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/413260"
},
{
"name": "15091",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15091"
},
{
"name": "http://secunia.com/secunia_research/2005-48/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-48/advisory/"
},
{
"name": "19955",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19955"
},
{
"name": "80",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/80"
},
{
"name": "16851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16851"
}
]
}
}

220
2005/3xxx/CVE-2005-3623.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-3623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lkml.org/lkml/2005/12/23/171",
"refsource" : "MISC",
"url" : "http://lkml.org/lkml/2005/12/23/171"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name" : "RHSA-2006:0575",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name" : "SUSE-SA:2006:006",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_06_kernel.html"
},
{
"name" : "SUSE-SA:2006:012",
"refsource" : "SUSE",
"url" : "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html"
},
{
"name" : "16570",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16570"
},
{
"name" : "oval:org.mitre.oval:def:11707",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707"
},
{
"name" : "18788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18788"
},
{
"name" : "19038",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19038"
},
{
"name" : "21465",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21465"
},
{
"name" : "22417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22417"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting access controls (ACL) on files on exported NFS filesystems, which allows remote attackers to bypass ACLs for readonly mounted NFS filesystems."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18788"
},
{
"name": "19038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19038"
},
{
"name": "SUSE-SA:2006:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_06_kernel.html"
},
{
"name": "RHSA-2006:0575",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0575.html"
},
{
"name": "oval:org.mitre.oval:def:11707",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11707"
},
{
"name": "http://lkml.org/lkml/2005/12/23/171",
"refsource": "MISC",
"url": "http://lkml.org/lkml/2005/12/23/171"
},
{
"name": "SUSE-SA:2006:012",
"refsource": "SUSE",
"url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0010.html"
},
{
"name": "21465",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21465"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-200.htm"
},
{
"name": "22417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22417"
},
{
"name": "16570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16570"
}
]
}
}

970
2005/3xxx/CVE-2005-3627.json
View File

@ -1,487 +1,487 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3627",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large \"number of components\" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large \"Huffman table index\" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-3627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://scary.beasts.org/security/CESA-2005-003.txt",
"refsource" : "MISC",
"url" : "http://scary.beasts.org/security/CESA-2005-003.txt"
},
{
"name" : "http://www.kde.org/info/security/advisory-20051207-2.txt",
"refsource" : "CONFIRM",
"url" : "http://www.kde.org/info/security/advisory-20051207-2.txt"
},
{
"name" : "DSA-931",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-931"
},
{
"name" : "DSA-932",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-932"
},
{
"name" : "DSA-937",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-937"
},
{
"name" : "DSA-938",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-938"
},
{
"name" : "DSA-940",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-940"
},
{
"name" : "DSA-936",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-936"
},
{
"name" : "DSA-950",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-950"
},
{
"name" : "DSA-961",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-961"
},
{
"name" : "DSA-962",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-962"
},
{
"name" : "FLSA:175404",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427990/100/0/threaded"
},
{
"name" : "FEDORA-2005-025",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html"
},
{
"name" : "FEDORA-2005-026",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html"
},
{
"name" : "FLSA-2006:176751",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427053/100/0/threaded"
},
{
"name" : "GLSA-200601-02",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml"
},
{
"name" : "GLSA-200601-17",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml"
},
{
"name" : "MDKSA-2006:010",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010"
},
{
"name" : "MDKSA-2006:003",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003"
},
{
"name" : "MDKSA-2006:004",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004"
},
{
"name" : "MDKSA-2006:005",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005"
},
{
"name" : "MDKSA-2006:006",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006"
},
{
"name" : "MDKSA-2006:008",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008"
},
{
"name" : "MDKSA-2006:012",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012"
},
{
"name" : "MDKSA-2006:011",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011"
},
{
"name" : "RHSA-2006:0177",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0177.html"
},
{
"name" : "RHSA-2006:0160",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0160.html"
},
{
"name" : "RHSA-2006:0163",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0163.html"
},
{
"name" : "SCOSA-2006.15",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt"
},
{
"name" : "20051201-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U"
},
{
"name" : "20060101-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name" : "20060201-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
},
{
"name" : "SSA:2006-045-04",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747"
},
{
"name" : "SSA:2006-045-09",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683"
},
{
"name" : "102972",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1"
},
{
"name" : "SUSE-SA:2006:001",
"refsource" : "SUSE",
"url" : "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html"
},
{
"name" : "2006-0002",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2006/0002/"
},
{
"name" : "USN-236-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/236-1/"
},
{
"name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html",
"refsource" : "CONFIRM",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html"
},
{
"name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html",
"refsource" : "CONFIRM",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html"
},
{
"name" : "16143",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16143"
},
{
"name" : "oval:org.mitre.oval:def:10200",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200"
},
{
"name" : "ADV-2006-0047",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0047"
},
{
"name" : "ADV-2007-2280",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2280"
},
{
"name" : "18303",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18303"
},
{
"name" : "18312",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18312"
},
{
"name" : "18313",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18313"
},
{
"name" : "18329",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18329"
},
{
"name" : "18332",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18332"
},
{
"name" : "18334",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18334"
},
{
"name" : "18335",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18335"
},
{
"name" : "18387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18387"
},
{
"name" : "18416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18416"
},
{
"name" : "18338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18338"
},
{
"name" : "18349",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18349"
},
{
"name" : "18375",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18375"
},
{
"name" : "18385",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18385"
},
{
"name" : "18389",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18389"
},
{
"name" : "18423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18423"
},
{
"name" : "18448",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18448"
},
{
"name" : "18398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18398"
},
{
"name" : "18407",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18407"
},
{
"name" : "18534",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18534"
},
{
"name" : "18582",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18582"
},
{
"name" : "18517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18517"
},
{
"name" : "18554",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18554"
},
{
"name" : "18642",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18642"
},
{
"name" : "18644",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18644"
},
{
"name" : "18674",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18674"
},
{
"name" : "18675",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18675"
},
{
"name" : "18679",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18679"
},
{
"name" : "18908",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18908"
},
{
"name" : "18913",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18913"
},
{
"name" : "19230",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19230"
},
{
"name" : "19377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19377"
},
{
"name" : "18425",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18425"
},
{
"name" : "18463",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18463"
},
{
"name" : "18147",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18147"
},
{
"name" : "18373",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18373"
},
{
"name" : "18380",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18380"
},
{
"name" : "18414",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18414"
},
{
"name" : "18428",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18428"
},
{
"name" : "18436",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18436"
},
{
"name" : "25729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/25729"
},
{
"name" : "xpdf-readhuffmantables-bo(24024)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24024"
},
{
"name" : "xpdf-readscaninfo-bo(24025)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24025"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large \"number of components\" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large \"Huffman table index\" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16143"
},
{
"name": "DSA-932",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-932"
},
{
"name": "18349",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18349"
},
{
"name": "18147",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18147"
},
{
"name": "SCOSA-2006.15",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt"
},
{
"name": "http://scary.beasts.org/security/CESA-2005-003.txt",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2005-003.txt"
},
{
"name": "http://www.kde.org/info/security/advisory-20051207-2.txt",
"refsource": "CONFIRM",
"url": "http://www.kde.org/info/security/advisory-20051207-2.txt"
},
{
"name": "18679",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18679"
},
{
"name": "18312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18312"
},
{
"name": "18644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18644"
},
{
"name": "USN-236-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/236-1/"
},
{
"name": "18425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18425"
},
{
"name": "18373",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18373"
},
{
"name": "18303",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18303"
},
{
"name": "DSA-931",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-931"
},
{
"name": "18554",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18554"
},
{
"name": "MDKSA-2006:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:003"
},
{
"name": "19230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19230"
},
{
"name": "102972",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102972-1"
},
{
"name": "MDKSA-2006:012",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:012"
},
{
"name": "DSA-962",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-962"
},
{
"name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00010.html"
},
{
"name": "RHSA-2006:0163",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0163.html"
},
{
"name": "DSA-937",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-937"
},
{
"name": "18398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18398"
},
{
"name": "FLSA-2006:176751",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427053/100/0/threaded"
},
{
"name": "2006-0002",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"name": "SUSE-SA:2006:001",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html"
},
{
"name": "DSA-936",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-936"
},
{
"name": "FEDORA-2005-026",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00031.html"
},
{
"name": "18329",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18329"
},
{
"name": "18463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18463"
},
{
"name": "18642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18642"
},
{
"name": "18674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18674"
},
{
"name": "MDKSA-2006:005",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:005"
},
{
"name": "18313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18313"
},
{
"name": "20051201-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U"
},
{
"name": "20060101-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "18448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18448"
},
{
"name": "18436",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18436"
},
{
"name": "18428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18428"
},
{
"name": "18380",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18380"
},
{
"name": "18423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18423"
},
{
"name": "18416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18416"
},
{
"name": "RHSA-2006:0177",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2006-0177.html"
},
{
"name": "ADV-2007-2280",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2280"
},
{
"name": "GLSA-200601-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-02.xml"
},
{
"name": "18335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18335"
},
{
"name": "xpdf-readscaninfo-bo(24025)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24025"
},
{
"name": "18407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18407"
},
{
"name": "18332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18332"
},
{
"name": "18517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18517"
},
{
"name": "18582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18582"
},
{
"name": "18534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18534"
},
{
"name": "SSA:2006-045-09",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.472683"
},
{
"name": "18908",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18908"
},
{
"name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00011.html"
},
{
"name": "25729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25729"
},
{
"name": "18414",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18414"
},
{
"name": "xpdf-readhuffmantables-bo(24024)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24024"
},
{
"name": "MDKSA-2006:006",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:006"
},
{
"name": "18338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18338"
},
{
"name": "MDKSA-2006:008",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:008"
},
{
"name": "20060201-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
},
{
"name": "RHSA-2006:0160",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0160.html"
},
{
"name": "MDKSA-2006:010",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:010"
},
{
"name": "DSA-940",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-940"
},
{
"name": "MDKSA-2006:004",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:004"
},
{
"name": "ADV-2006-0047",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0047"
},
{
"name": "GLSA-200601-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-17.xml"
},
{
"name": "18389",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18389"
},
{
"name": "SSA:2006-045-04",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.474747"
},
{
"name": "19377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19377"
},
{
"name": "FEDORA-2005-025",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00030.html"
},
{
"name": "FLSA:175404",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427990/100/0/threaded"
},
{
"name": "DSA-961",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-961"
},
{
"name": "18675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18675"
},
{
"name": "18913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18913"
},
{
"name": "DSA-938",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-938"
},
{
"name": "oval:org.mitre.oval:def:10200",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10200"
},
{
"name": "18334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18334"
},
{
"name": "18375",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18375"
},
{
"name": "DSA-950",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-950"
},
{
"name": "18387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18387"
},
{
"name": "MDKSA-2006:011",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:011"
},
{
"name": "18385",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18385"
}
]
}
}

170
2005/3xxx/CVE-2005-3860.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051126 Remote file include in Athena",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/417796/100/0/threaded"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=514746",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=514746"
},
{
"name" : "15574",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15574"
},
{
"name" : "ADV-2005-2599",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2599"
},
{
"name" : "1015278",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015278"
},
{
"name" : "208",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "208",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/208"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=514746",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=514746"
},
{
"name": "ADV-2005-2599",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2599"
},
{
"name": "15574",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15574"
},
{
"name": "1015278",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015278"
},
{
"name": "20051126 Remote file include in Athena",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417796/100/0/threaded"
}
]
}
}

130
2005/4xxx/CVE-2005-4728.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341424",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341424"
},
{
"name" : "16945",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16945"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16945"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341424",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341424"
}
]
}
}

140
2005/4xxx/CVE-2005-4830.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4830",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4830",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070226 ViewCVS 0.9.4 issues",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/461382/100/0/threaded"
},
{
"name" : "20050101 Two Vulnerabilities in ViewCVS",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030514.html"
},
{
"name" : "12112",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12112"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050101 Two Vulnerabilities in ViewCVS",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030514.html"
},
{
"name": "20070226 ViewCVS 0.9.4 issues",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/461382/100/0/threaded"
},
{
"name": "12112",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12112"
}
]
}
}

130
2009/0xxx/CVE-2009-0456.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7946",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7946"
},
{
"name" : "33569",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33569"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in examples/example_clientside_javascript.php in patForms, as used in Sourdough 0.3.5, allows remote attackers to execute arbitrary PHP code via a URL in the neededFiles[patForms] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7946",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7946"
},
{
"name": "33569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33569"
}
]
}
}

170
2009/2xxx/CVE-2009-2187.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2187",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.opensolaris.org/view_bug.do?bug_id=6709252",
"refsource" : "CONFIRM",
"url" : "http://bugs.opensolaris.org/view_bug.do?bug_id=6709252"
},
{
"name" : "http://bugs.opensolaris.org/view_bug.do?bug_id=6731600",
"refsource" : "CONFIRM",
"url" : "http://bugs.opensolaris.org/view_bug.do?bug_id=6731600"
},
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-01-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-01-1"
},
{
"name" : "262408",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262408-1"
},
{
"name" : "35474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35474"
},
{
"name" : "35552",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in the (1) IP and (2) IPv6 multicast implementation in the kernel in Sun Solaris 10, and OpenSolaris snv_67 through snv_93, allow local users to cause a denial of service (memory consumption) via vectors related to the association of (a) DL_ENABMULTI_REQ and (b) DL_DISABMULTI_REQ messages with ARP messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35552"
},
{
"name": "http://bugs.opensolaris.org/view_bug.do?bug_id=6731600",
"refsource": "CONFIRM",
"url": "http://bugs.opensolaris.org/view_bug.do?bug_id=6731600"
},
{
"name": "262408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-262408-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-01-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-01-1"
},
{
"name": "35474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35474"
},
{
"name": "http://bugs.opensolaris.org/view_bug.do?bug_id=6709252",
"refsource": "CONFIRM",
"url": "http://bugs.opensolaris.org/view_bug.do?bug_id=6709252"
}
]
}
}

150
2009/2xxx/CVE-2009-2436.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2436",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2436",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/myphpdating10-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/myphpdating10-sql.txt"
},
{
"name" : "35603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35603"
},
{
"name" : "32268",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32268"
},
{
"name" : "ADV-2009-1819",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1819"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35603"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/myphpdating10-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/myphpdating10-sql.txt"
},
{
"name": "ADV-2009-1819",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1819"
},
{
"name": "32268",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32268"
}
]
}
}

180
2009/2xxx/CVE-2009-2720.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2720",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "http://java.sun.com/javase/6/webnotes/6u15.html",
"refsource" : "CONFIRM",
"url" : "http://java.sun.com/javase/6/webnotes/6u15.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "GLSA-200911-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name" : "37386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37386"
},
{
"name" : "37460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37460"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the javax.swing.plaf.synth.SynthContext.isSubregion method in the Swing implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException in the Jemmy library) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37460"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "http://java.sun.com/javase/6/webnotes/6u15.html",
"refsource": "CONFIRM",
"url": "http://java.sun.com/javase/6/webnotes/6u15.html"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}

130
2009/2xxx/CVE-2009-2769.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9297",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9297"
},
{
"name" : "36033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36033"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36033"
},
{
"name": "9297",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9297"
}
]
}
}

150
2009/2xxx/CVE-2009-2828.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3937",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3937"
},
{
"name" : "APPLE-SA-2009-11-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name" : "36956",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36956"
},
{
"name" : "ADV-2009-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36956",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36956"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}

170
2009/3xxx/CVE-2009-3121.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3121",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/560298",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/560298"
},
{
"name" : "36165",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36165"
},
{
"name" : "57436",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/57436"
},
{
"name" : "36497",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36497"
},
{
"name" : "ADV-2009-2452",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2452"
},
{
"name" : "ajaxtable-unspecified-xss(52819)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52819"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36165",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36165"
},
{
"name": "57436",
"refsource": "OSVDB",
"url": "http://osvdb.org/57436"
},
{
"name": "36497",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36497"
},
{
"name": "http://drupal.org/node/560298",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/560298"
},
{
"name": "ADV-2009-2452",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2452"
},
{
"name": "ajaxtable-unspecified-xss(52819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52819"
}
]
}
}

170
2009/3xxx/CVE-2009-3305.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047"
},
{
"name" : "http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/dca6877a8117f0df",
"refsource" : "CONFIRM",
"url" : "http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/dca6877a8117f0df"
},
{
"name" : "DSA-2002",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2002"
},
{
"name" : "37463",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37463"
},
{
"name" : "37607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37607"
},
{
"name" : "38647",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38647"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Polipo 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a Cache-Control header that lacks a value for the max-age field, which triggers a segmentation fault in the httpParseHeaders function in http_parse.c, and possibly other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37463"
},
{
"name": "http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/dca6877a8117f0df",
"refsource": "CONFIRM",
"url": "http://groups.google.com/group/linux.debian.bugs.dist/browse_thread/thread/dca6877a8117f0df"
},
{
"name": "38647",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38647"
},
{
"name": "37607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37607"
},
{
"name": "DSA-2002",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2002"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=547047"
}
]
}
}

130
2009/3xxx/CVE-2009-3498.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3498",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0909-exploits/hbcms-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0909-exploits/hbcms-sql.txt"
},
{
"name" : "36854",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36854"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0909-exploits/hbcms-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0909-exploits/hbcms-sql.txt"
},
{
"name": "36854",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36854"
}
]
}
}

210
2009/4xxx/CVE-2009-4031.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4031",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20091125 CVE request: kernel: KVM: x86 emulator: limit instructions to 15 bytes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/11/25/3"
},
{
"name" : "[oss-security] 20091125 Re: CVE request: kernel: KVM: x86 emulator: limit instructions to 15 bytes",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/11/25/1"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commit;h=e42d9b8141d1f54ff72ad3850bb110c95a5f3b88",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commit;h=e42d9b8141d1f54ff72ad3850bb110c95a5f3b88"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.32-rc8-next-20091125.gz",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.32-rc8-next-20091125.gz"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=541160",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=541160"
},
{
"name" : "FEDORA-2009-13098",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html"
},
{
"name" : "SUSE-SA:2010:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html"
},
{
"name" : "37130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37130"
},
{
"name" : "oval:org.mitre.oval:def:11089",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11089"
},
{
"name" : "37720",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37720"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 emulator in the KVM subsystem in the Linux kernel before 2.6.32-rc8-next-20091125 tries to interpret instructions that contain too many bytes to be valid, which allows guest OS users to cause a denial of service (increased scheduling latency) on the host OS via unspecified manipulations related to SMP support."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20091125 Re: CVE request: kernel: KVM: x86 emulator: limit instructions to 15 bytes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/25/1"
},
{
"name": "37720",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37720"
},
{
"name": "SUSE-SA:2010:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00006.html"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.32-rc8-next-20091125.gz",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/next/patch-v2.6.32-rc8-next-20091125.gz"
},
{
"name": "oval:org.mitre.oval:def:11089",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11089"
},
{
"name": "[oss-security] 20091125 CVE request: kernel: KVM: x86 emulator: limit instructions to 15 bytes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/25/3"
},
{
"name": "FEDORA-2009-13098",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commit;h=e42d9b8141d1f54ff72ad3850bb110c95a5f3b88",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commit;h=e42d9b8141d1f54ff72ad3850bb110c95a5f3b88"
},
{
"name": "37130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37130"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=541160",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=541160"
}
]
}
}

34
2015/0xxx/CVE-2015-0033.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0033",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-0033",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

130
2015/0xxx/CVE-2015-0450.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0450",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to WebCenter Spaces Application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name" : "1032131",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032131"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to WebCenter Spaces Application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "1032131",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032131"
}
]
}
}

150
2015/1xxx/CVE-2015-1140.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1140",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1140",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "73982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73982"
},
{
"name" : "1032048",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "73982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73982"
},
{
"name": "1032048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
}
]
}
}

190
2015/1xxx/CVE-2015-1381.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150126 CVE request for Privoxy",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name" : "[oss-security] 20150127 Re: CVE request for Privoxy",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name" : "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup",
"refsource" : "CONFIRM",
"url" : "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup"
},
{
"name" : "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47",
"refsource" : "CONFIRM",
"url" : "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47"
},
{
"name" : "DSA-3145",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3145"
},
{
"name" : "openSUSE-SU-2015:0230",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
},
{
"name" : "62775",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62775"
},
{
"name" : "62899",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62899"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in pcrs.c in Privoxy before 3.0.23 allow remote attackers to cause a denial of service (segmentation fault or memory consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150126 CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/26/4"
},
{
"name": "62899",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62899"
},
{
"name": "DSA-3145",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3145"
},
{
"name": "62775",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62775"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.197&view=markup"
},
{
"name": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47",
"refsource": "CONFIRM",
"url": "http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47"
},
{
"name": "[oss-security] 20150127 Re: CVE request for Privoxy",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/27/20"
},
{
"name": "openSUSE-SU-2015:0230",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00031.html"
}
]
}
}

240
2015/4xxx/CVE-2015-4497.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4497",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2015-4497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-406",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-406"
},
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "DSA-3345",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3345"
},
{
"name" : "RHSA-2015:1693",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1693.html"
},
{
"name" : "SUSE-SU-2015:2081",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name" : "SUSE-SU-2015:1504",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html"
},
{
"name" : "openSUSE-SU-2015:1492",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html"
},
{
"name" : "USN-2723-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2723-1"
},
{
"name" : "76502",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76502"
},
{
"name" : "1033397",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the CanvasRenderingContext2D implementation in Mozilla Firefox before 40.0.3 and Firefox ESR 38.x before 38.2.1 allows remote attackers to execute arbitrary code by leveraging improper interaction between resize events and changes to Cascading Style Sheets (CSS) token sequences for a CANVAS element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-94.html"
},
{
"name": "DSA-3345",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3345"
},
{
"name": "SUSE-SU-2015:2081",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"
},
{
"name": "USN-2723-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2723-1"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-406",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-406"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1175278"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2015:1504",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00013.html"
},
{
"name": "openSUSE-SU-2015:1492",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00000.html"
},
{
"name": "76502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76502"
},
{
"name": "RHSA-2015:1693",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1693.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1164766"
},
{
"name": "1033397",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033397"
}
]
}
}

150
2015/4xxx/CVE-2015-4624.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150811 [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
},
{
"name" : "40609",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/40609/"
},
{
"name" : "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
},
{
"name" : "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "40609",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/40609/"
},
{
"name": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
},
{
"name": "20150811 [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware <= 2.3.0",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
},
{
"name": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
}
]
}
}

34
2015/4xxx/CVE-2015-4701.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4701",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4701",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/5xxx/CVE-2015-5019.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5019",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5019",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967781",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967781"
},
{
"name" : "IT11008",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11008"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B Integrator 5.2 before 5020500_9 allow remote authenticated users to read or upload files by leveraging a password-change requirement."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IT11008",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IT11008"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21967781",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967781"
}
]
}
}

34
2015/5xxx/CVE-2015-5518.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5518",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5518",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

240
2015/5xxx/CVE-2015-5581.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5584, and CVE-2015-6682."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "GLSA-201509-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201509-07"
},
{
"name" : "RHSA-2015:1814",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
},
{
"name" : "openSUSE-SU-2015:1781",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name" : "SUSE-SU-2015:1614",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
},
{
"name" : "SUSE-SU-2015:1618",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
},
{
"name" : "openSUSE-SU-2015:1616",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
},
{
"name" : "76795",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76795"
},
{
"name" : "1033629",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5574, CVE-2015-5584, and CVE-2015-6682."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1814",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1814.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "openSUSE-SU-2015:1616",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00023.html"
},
{
"name": "1033629",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033629"
},
{
"name": "SUSE-SU-2015:1618",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00024.html"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04939841"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-23.html"
},
{
"name": "76795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76795"
},
{
"name": "SUSE-SU-2015:1614",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00022.html"
},
{
"name": "GLSA-201509-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-07"
},
{
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
}
]
}
}

34
2015/5xxx/CVE-2015-5591.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5591",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5591",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2015/5xxx/CVE-2015-5709.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5709",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5709",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2015/5xxx/CVE-2015-5782.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT205030",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205030"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "APPLE-SA-2015-08-13-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name" : "76343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76343"
},
{
"name" : "1033275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted TIFF image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76343"
}
]
}
}

172
2018/2xxx/CVE-2018-2826.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Java",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "Java SE: 10"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Java",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "Java SE: 10"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180419-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180419-0001/"
},
{
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource" : "CONFIRM",
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name" : "USN-3747-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3747-1/"
},
{
"name" : "103796",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103796"
},
{
"name" : "1040697",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Libraries). The supported version that is affected is Java SE: 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040697",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040697"
},
{
"name": "USN-3747-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3747-1/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180419-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180419-0001/"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "103796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103796"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
}
]
}
}

174
2018/3xxx/CVE-2018-3026.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3026",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Banking Payments",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.2.0"
},
{
"version_affected" : "=",
"version_value" : "12.3.0"
},
{
"version_affected" : "=",
"version_value" : "12.4.0"
},
{
"version_affected" : "=",
"version_value" : "12.5.0"
},
{
"version_affected" : "=",
"version_value" : "14.1.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Banking Payments",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.2.0"
},
{
"version_affected": "=",
"version_value": "12.3.0"
},
{
"version_affected": "=",
"version_value": "12.4.0"
},
{
"version_affected": "=",
"version_value": "12.5.0"
},
{
"version_affected": "=",
"version_value": "14.1.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104790",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104790"
},
{
"name" : "1041307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Banking Payments, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Payments accessible data as well as unauthorized read access to a subset of Oracle Banking Payments accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104790"
},
{
"name": "1041307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041307"
}
]
}
}

174
2018/3xxx/CVE-2018-3036.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3036",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Banking Corporate Lending",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.3.0"
},
{
"version_affected" : "=",
"version_value" : "12.4.0"
},
{
"version_affected" : "=",
"version_value" : "12.5.0"
},
{
"version_affected" : "=",
"version_value" : "14.0.0"
},
{
"version_affected" : "=",
"version_value" : "14.1.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Banking Corporate Lending",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.3.0"
},
{
"version_affected": "=",
"version_value": "12.4.0"
},
{
"version_affected": "=",
"version_value": "12.5.0"
},
{
"version_affected": "=",
"version_value": "14.0.0"
},
{
"version_affected": "=",
"version_value": "14.1.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104795",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104795"
},
{
"name" : "1041307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Banking Corporate Lending component of Oracle Financial Services Applications (subcomponent: Core module). Supported versions that are affected are 12.3.0, 12.4.0, 12.5.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Corporate Lending. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Banking Corporate Lending accessible data as well as unauthorized read access to a subset of Oracle Banking Corporate Lending accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Banking Corporate Lending."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041307"
},
{
"name": "104795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104795"
}
]
}
}

140
2018/3xxx/CVE-2018-3219.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.5.3"
},
{
"version_affected" : "=",
"version_value" : "8.5.4"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.5.3"
},
{
"version_affected": "=",
"version_value": "8.5.4"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105603",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105603"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected are 8.5.3 and 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105603"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

150
2018/3xxx/CVE-2018-3257.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.55"
},
{
"version_affected" : "=",
"version_value" : "8.56"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected": "=",
"version_value": "8.56"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105598"
},
{
"name" : "1041891",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105598"
},
{
"name": "1041891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041891"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

130
2018/6xxx/CVE-2018-6374.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6374",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620",
"refsource" : "CONFIRM",
"url" : "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620"
},
{
"name" : "102908",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102908"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients before PULSE5.2R9.2 and 5.3.x before PULSE5.3R4.2 does not perform strict SSL Certificate Validation. This can lead to the manipulation of the Pulse Connection set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102908",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102908"
},
{
"name": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620",
"refsource": "CONFIRM",
"url": "http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43620"
}
]
}
}

34
2018/6xxx/CVE-2018-6424.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6424",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6424",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/6xxx/CVE-2018-6578.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "43948",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/43948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! via the usr_plan parameter in a view=myplans&task=myplans.usersubscriptions request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43948",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43948"
}
]
}
}

34
2018/6xxx/CVE-2018-6723.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6723",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6723",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/6xxx/CVE-2018-6940.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6940",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180214 NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/541777/100/0/threaded"
},
{
"name" : "44033",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44033/"
},
{
"name" : "http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt",
"refsource" : "MISC",
"url" : "http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt"
},
{
"name" : "http://packetstormsecurity.com/files/146373/NAT32-Build-22284-Remote-Command-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/146373/NAT32-Build-22284-Remote-Command-Execution.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/146373/NAT32-Build-22284-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146373/NAT32-Build-22284-Remote-Command-Execution.html"
},
{
"name": "44033",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44033/"
},
{
"name": "20180214 NAT32 Build (22284) Remote Code Execution CVE-2018-6940 (hyp3rlinx / apparition security)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541777/100/0/threaded"
},
{
"name": "http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt",
"refsource": "MISC",
"url": "http://hyp3rlinx.altervista.org/advisories/NAT32-REMOTE-COMMAND-EXECUTION-CVE-2018-6940.txt"
}
]
}
}

160
2018/7xxx/CVE-2018-7033.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7033",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180428 [SECURITY] [DLA 1367-1] slurm-llnl security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00032.html"
},
{
"name" : "[debian-lts-announce] 20180721 [SECURITY] [DLA 1437-1] slurm-llnl security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00029.html"
},
{
"name" : "https://lists.schedmd.com/pipermail/slurm-announce/2018/000006.html",
"refsource" : "CONFIRM",
"url" : "https://lists.schedmd.com/pipermail/slurm-announce/2018/000006.html"
},
{
"name" : "https://www.schedmd.com/news.php?id=201",
"refsource" : "CONFIRM",
"url" : "https://www.schedmd.com/news.php?id=201"
},
{
"name" : "DSA-4254",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL Injection attacks against SlurmDBD."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4254",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4254"
},
{
"name": "https://www.schedmd.com/news.php?id=201",
"refsource": "CONFIRM",
"url": "https://www.schedmd.com/news.php?id=201"
},
{
"name": "[debian-lts-announce] 20180428 [SECURITY] [DLA 1367-1] slurm-llnl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00032.html"
},
{
"name": "https://lists.schedmd.com/pipermail/slurm-announce/2018/000006.html",
"refsource": "CONFIRM",
"url": "https://lists.schedmd.com/pipermail/slurm-announce/2018/000006.html"
},
{
"name": "[debian-lts-announce] 20180721 [SECURITY] [DLA 1437-1] slurm-llnl security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00029.html"
}
]
}
}

34
2018/7xxx/CVE-2018-7168.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7168",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7168",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/7xxx/CVE-2018-7452.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7452",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7452",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=613",
"refsource" : "MISC",
"url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=613"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=613",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=613"
}
]
}
}

150
2018/7xxx/CVE-2018-7643.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7643",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22905",
"refsource" : "MISC",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22905"
},
{
"name" : "GLSA-201811-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-17"
},
{
"name" : "RHSA-2018:3032",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3032"
},
{
"name" : "103264",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103264"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103264",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103264"
},
{
"name": "RHSA-2018:3032",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3032"
},
{
"name": "GLSA-201811-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-17"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22905",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22905"
}
]
}
}

122
2018/7xxx/CVE-2018-7765.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "SQL Injection Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-04-05T00:00:00",
"ID": "CVE-2018-7765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.Motion",
"version": {
"version_data": [
{
"version_value": "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability exists within processing of track_import_export.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. The underlying SQLite database query is subject to SQL injection on the object_id input parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}
}

34
2018/8xxx/CVE-2018-8063.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8063",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8063",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}