admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:25:07 +00:00
parent 39493b54c2
commit 461211ee5a
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
58 changed files with 4711 additions and 4711 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2005/0xxx/CVE-2005-0054.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0054",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050209 Internet Explorer zone spoofing with encoded URLs",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110796851002781&w=2"
},
{
"name" : "MS05-014",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name" : "TA05-039A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name" : "VU#580299",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/580299"
},
{
"name" : "oval:org.mitre.oval:def:1308",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308"
},
{
"name" : "oval:org.mitre.oval:def:1736",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736"
},
{
"name" : "oval:org.mitre.oval:def:3060",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060"
},
{
"name" : "oval:org.mitre.oval:def:3196",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196"
},
{
"name" : "oval:org.mitre.oval:def:3586",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586"
},
{
"name" : "ie-file-url-encode(19214)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the \"URL Decoding Zone Spoofing Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:3196",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3196"
},
{
"name": "ie-file-url-encode(19214)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19214"
},
{
"name": "MS05-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-014"
},
{
"name": "TA05-039A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-039A.html"
},
{
"name": "oval:org.mitre.oval:def:3060",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3060"
},
{
"name": "oval:org.mitre.oval:def:1736",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1736"
},
{
"name": "20050209 Internet Explorer zone spoofing with encoded URLs",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110796851002781&w=2"
},
{
"name": "oval:org.mitre.oval:def:3586",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3586"
},
{
"name": "oval:org.mitre.oval:def:1308",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1308"
},
{
"name": "VU#580299",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/580299"
}
]
}
}

190
2005/0xxx/CVE-2005-0197.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050126 Crafted Packet Causes Reload on Cisco Routers",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml"
},
{
"name" : "TA05-026A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-026A.html"
},
{
"name" : "VU#583638",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/583638"
},
{
"name" : "12369",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12369"
},
{
"name" : "oval:org.mitre.oval:def:5662",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5662"
},
{
"name" : "1013015",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013015"
},
{
"name" : "14031",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14031"
},
{
"name" : "cisco-ios-mpls-dos(19071)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19071"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#583638",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/583638"
},
{
"name": "oval:org.mitre.oval:def:5662",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5662"
},
{
"name": "14031",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14031"
},
{
"name": "cisco-ios-mpls-dos(19071)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19071"
},
{
"name": "12369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12369"
},
{
"name": "TA05-026A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-026A.html"
},
{
"name": "1013015",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013015"
},
{
"name": "20050126 Crafted Packet Causes Reload on Cisco Routers",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml"
}
]
}
}

140
2005/0xxx/CVE-2005-0253.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050217 Advisory: Multiple Vulnerabilities in BibORB",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110868948719773&w=2"
},
{
"name" : "20050217 Advisory: Multiple Vulnerabilities in BibORB",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=110864983905770&w=2"
},
{
"name" : "12583",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12583"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12583",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12583"
},
{
"name": "20050217 Advisory: Multiple Vulnerabilities in BibORB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110868948719773&w=2"
},
{
"name": "20050217 Advisory: Multiple Vulnerabilities in BibORB",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=110864983905770&w=2"
}
]
}
}

150
2005/1xxx/CVE-2005-1811.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1811",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050530 MyBB 1.0 RC4 XSS Bug",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/lists/bugtraq/2005/May/0338.html"
},
{
"name" : "13819",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13819"
},
{
"name" : "1014081",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014081"
},
{
"name" : "15552",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15552"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in usercp.php for MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via the website field in a user profile."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014081",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014081"
},
{
"name": "20050530 MyBB 1.0 RC4 XSS Bug",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/May/0338.html"
},
{
"name": "15552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15552"
},
{
"name": "13819",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13819"
}
]
}
}

130
2005/3xxx/CVE-2005-3234.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple interpretation error in unspecified versions of Grisoft AVG Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051007 Antivirus detection bypass by special crafted archive.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
},
{
"name" : "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource" : "MISC",
"url" : "http://shadock.net/secubox/AVCraftedArchive.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple interpretation error in unspecified versions of Grisoft AVG Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource": "MISC",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
}
]
}
}

210
2005/3xxx/CVE-2005-3707.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20060112 Fortinet Security Advisory: \"Apple QuickTime Player Improper Memory Access Vulnerability\"",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html"
},
{
"name" : "APPLE-SA-2006-01-10",
"refsource" : "APPLE",
"url" : "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name" : "TA06-011A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name" : "VU#115729",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/115729"
},
{
"name" : "16202",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16202"
},
{
"name" : "ADV-2006-0128",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name" : "22336",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22336"
},
{
"name" : "1015464",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015464"
},
{
"name" : "18370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18370"
},
{
"name" : "quicktime-tga-bo(24056)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24056"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18370"
},
{
"name": "quicktime-tga-bo(24056)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24056"
},
{
"name": "TA06-011A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-011A.html"
},
{
"name": "APPLE-SA-2006-01-10",
"refsource": "APPLE",
"url": "http://docs.info.apple.com/article.html?artnum=303101"
},
{
"name": "20060112 Fortinet Security Advisory: \"Apple QuickTime Player Improper Memory Access Vulnerability\"",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0445.html"
},
{
"name": "1015464",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015464"
},
{
"name": "22336",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22336"
},
{
"name": "ADV-2006-0128",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0128"
},
{
"name": "16202",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16202"
},
{
"name": "VU#115729",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/115729"
}
]
}
}

200
2005/3xxx/CVE-2005-3862.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842"
},
{
"name" : "http://www.kipple.pe.kr/win/unalz/",
"refsource" : "CONFIRM",
"url" : "http://www.kipple.pe.kr/win/unalz/"
},
{
"name" : "DSA-959",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-959"
},
{
"name" : "15577",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15577"
},
{
"name" : "ADV-2005-2604",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2604"
},
{
"name" : "21160",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21160"
},
{
"name" : "17774",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17774"
},
{
"name" : "18665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18665"
},
{
"name" : "unalz-alz-archive-bo(23267)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23267"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21160",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21160"
},
{
"name": "ADV-2005-2604",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2604"
},
{
"name": "15577",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15577"
},
{
"name": "18665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18665"
},
{
"name": "17774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17774"
},
{
"name": "unalz-alz-archive-bo(23267)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23267"
},
{
"name": "http://www.kipple.pe.kr/win/unalz/",
"refsource": "CONFIRM",
"url": "http://www.kipple.pe.kr/win/unalz/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842"
},
{
"name": "DSA-959",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-959"
}
]
}
}

180
2005/3xxx/CVE-2005-3963.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051130 ZRCSA-200504 - dotclear SQL Injection",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/1052.html"
},
{
"name" : "http://www.zone-h.org/advisories/read/id=8485",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/advisories/read/id=8485"
},
{
"name" : "http://www.dotclear.net/forum/viewtopic.php?id=13876",
"refsource" : "CONFIRM",
"url" : "http://www.dotclear.net/forum/viewtopic.php?id=13876"
},
{
"name" : "15667",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15667"
},
{
"name" : "ADV-2005-2677",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2677"
},
{
"name" : "21333",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21333"
},
{
"name" : "17830",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17830"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in session.php in DotClear before 1.2.3 allows remote attackers to execute arbitrary SQL commands via the dc_xd parameter in a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21333",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21333"
},
{
"name": "17830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17830"
},
{
"name": "http://www.zone-h.org/advisories/read/id=8485",
"refsource": "MISC",
"url": "http://www.zone-h.org/advisories/read/id=8485"
},
{
"name": "ADV-2005-2677",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2677"
},
{
"name": "15667",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15667"
},
{
"name": "http://www.dotclear.net/forum/viewtopic.php?id=13876",
"refsource": "CONFIRM",
"url": "http://www.dotclear.net/forum/viewtopic.php?id=13876"
},
{
"name": "20051130 ZRCSA-200504 - dotclear SQL Injection",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/1052.html"
}
]
}
}

180
2005/3xxx/CVE-2005-3986.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3986",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/instant-photo-gallery-sql-inj-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/instant-photo-gallery-sql-inj-vuln.html"
},
{
"name" : "15659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15659"
},
{
"name" : "ADV-2005-2670",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2670"
},
{
"name" : "21334",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21334"
},
{
"name" : "21335",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21335"
},
{
"name" : "17841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17841"
},
{
"name" : "instantphotogallery-multiple-sql-injection(23350)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23350"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter in portfolio.php and (2) cid parameter in content.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21335",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21335"
},
{
"name": "21334",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21334"
},
{
"name": "http://pridels0.blogspot.com/2005/11/instant-photo-gallery-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/instant-photo-gallery-sql-inj-vuln.html"
},
{
"name": "ADV-2005-2670",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2670"
},
{
"name": "17841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17841"
},
{
"name": "instantphotogallery-multiple-sql-injection(23350)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23350"
},
{
"name": "15659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15659"
}
]
}
}

160
2005/4xxx/CVE-2005-4237.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4237",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4237",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/mysql-auction-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/mysql-auction-xss-vuln.html"
},
{
"name" : "15852",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15852"
},
{
"name" : "ADV-2005-2876",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2876"
},
{
"name" : "21685",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21685"
},
{
"name" : "18006",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18006"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword parameter in the SearchZoom module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21685",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21685"
},
{
"name": "ADV-2005-2876",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2876"
},
{
"name": "18006",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18006"
},
{
"name": "http://pridels0.blogspot.com/2005/12/mysql-auction-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/mysql-auction-xss-vuln.html"
},
{
"name": "15852",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15852"
}
]
}
}

200
2005/4xxx/CVE-2005-4599.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420543/100/0/threaded"
},
{
"name" : "http://www.hardened-php.net/advisory_262005.111.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_262005.111.html"
},
{
"name" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233",
"refsource" : "CONFIRM",
"url" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233"
},
{
"name" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244",
"refsource" : "CONFIRM",
"url" : "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244"
},
{
"name" : "16083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16083"
},
{
"name" : "22117",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22117"
},
{
"name" : "1015424",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015424"
},
{
"name" : "18262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18262"
},
{
"name" : "tinymce-compressor-xss(23906)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23906"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233",
"refsource": "CONFIRM",
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2233"
},
{
"name": "tinymce-compressor-xss(23906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23906"
},
{
"name": "22117",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22117"
},
{
"name": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244",
"refsource": "CONFIRM",
"url": "http://tinymce.moxiecode.com/punbb/viewtopic.php?id=2244"
},
{
"name": "18262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18262"
},
{
"name": "http://www.hardened-php.net/advisory_262005.111.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_262005.111.html"
},
{
"name": "20051229 Advisory 26/2005: TinyMCE Compressor Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420543/100/0/threaded"
},
{
"name": "16083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16083"
},
{
"name": "1015424",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015424"
}
]
}
}

120
2005/4xxx/CVE-2005-4712.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zone-h.org/advisories/read/id=8360",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/advisories/read/id=8360"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter. NOTE: the vendor has disputed CVE-2005-3497, and it is possible that the dispute was intended to include this issue as well."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zone-h.org/advisories/read/id=8360",
"refsource": "MISC",
"url": "http://www.zone-h.org/advisories/read/id=8360"
}
]
}
}

260
2005/4xxx/CVE-2005-4838.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4838",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-4838",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070906 Apache Tomcat remote xss",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html"
},
{
"name" : "http://www.oliverkarow.de/research/jakarta556_xss.txt",
"refsource" : "MISC",
"url" : "http://www.oliverkarow.de/research/jakarta556_xss.txt"
},
{
"name" : "[tomcat-dev] 20050103 Re: Fwd: XSS in Jakarta Tomcat 5.5.6",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=tomcat-dev&m=110476790331536&w=2"
},
{
"name" : "[tomcat-dev] 20050103 [PATCH jakarta-servletapi-5] Re: Fwd: XSS in Jakarta Tomcat 5.5.6",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=tomcat-dev&m=110477195116951&w=2"
},
{
"name" : "http://tomcat.apache.org/security-4.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-4.html"
},
{
"name" : "http://tomcat.apache.org/security-5.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-5.html"
},
{
"name" : "RHSA-2008:0261",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name" : "RHSA-2008:0630",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
},
{
"name" : "12721",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/12721"
},
{
"name" : "34878",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34878"
},
{
"name" : "34879",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/34879"
},
{
"name" : "1012793",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012793"
},
{
"name" : "13737",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13737"
},
{
"name" : "31493",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31493"
},
{
"name" : "tomcat-functions-xss(36467)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/36467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the example web applications for Jakarta Tomcat 5.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) el/functions.jsp, (2) el/implicit-objects.jsp, and (3) jspx/textRotate.jspx in examples/jsp2/, as demonstrated via script in a request to snp/snoop.jsp. NOTE: other XSS issues in the manager were simultaneously reported, but these require admin access and do not cross privilege boundaries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "tomcat-functions-xss(36467)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36467"
},
{
"name": "20070906 Apache Tomcat remote xss",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065598.html"
},
{
"name": "RHSA-2008:0630",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"
},
{
"name": "34878",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34878"
},
{
"name": "12721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12721"
},
{
"name": "31493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31493"
},
{
"name": "[tomcat-dev] 20050103 [PATCH jakarta-servletapi-5] Re: Fwd: XSS in Jakarta Tomcat 5.5.6",
"refsource": "MLIST",
"url": "http://marc.info/?l=tomcat-dev&m=110477195116951&w=2"
},
{
"name": "34879",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/34879"
},
{
"name": "1012793",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012793"
},
{
"name": "13737",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13737"
},
{
"name": "http://www.oliverkarow.de/research/jakarta556_xss.txt",
"refsource": "MISC",
"url": "http://www.oliverkarow.de/research/jakarta556_xss.txt"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "RHSA-2008:0261",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"
},
{
"name": "[tomcat-dev] 20050103 Re: Fwd: XSS in Jakarta Tomcat 5.5.6",
"refsource": "MLIST",
"url": "http://marc.info/?l=tomcat-dev&m=110476790331536&w=2"
}
]
}
}

180
2009/0xxx/CVE-2009-0089.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0089",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to \"forward a connection\" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka \"Windows HTTP Services Certificate Name Mismatch Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0089",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-013",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013"
},
{
"name" : "TA09-104A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name" : "34437",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34437"
},
{
"name" : "oval:org.mitre.oval:def:6027",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6027"
},
{
"name" : "1022041",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022041"
},
{
"name" : "34677",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34677"
},
{
"name" : "ADV-2009-1027",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to \"forward a connection\" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka \"Windows HTTP Services Certificate Name Mismatch Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34437",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34437"
},
{
"name": "oval:org.mitre.oval:def:6027",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6027"
},
{
"name": "34677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34677"
},
{
"name": "TA09-104A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-104A.html"
},
{
"name": "1022041",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022041"
},
{
"name": "ADV-2009-1027",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1027"
},
{
"name": "MS09-013",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-013"
}
]
}
}

200
2009/0xxx/CVE-2009-0558.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0558",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0558",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504188/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2009-1/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-1/"
},
{
"name" : "MS09-021",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name" : "TA09-160A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name" : "35242",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35242"
},
{
"name" : "54954",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54954"
},
{
"name" : "oval:org.mitre.oval:def:11525",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"
},
{
"name" : "1022351",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022351"
},
{
"name" : "ADV-2009-1540",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka \"Array Indexing Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1540",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1540"
},
{
"name": "20090609 Secunia Research: Microsoft Excel Record Parsing Array Indexing Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504188/100/0/threaded"
},
{
"name": "35242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35242"
},
{
"name": "1022351",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022351"
},
{
"name": "MS09-021",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-021"
},
{
"name": "54954",
"refsource": "OSVDB",
"url": "http://osvdb.org/54954"
},
{
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name": "http://secunia.com/secunia_research/2009-1/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-1/"
},
{
"name": "oval:org.mitre.oval:def:11525",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11525"
}
]
}
}

180
2009/1xxx/CVE-2009-1030.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501667/100/0/threaded"
},
{
"name" : "8196",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8196"
},
{
"name" : "HPSBUX02514",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126996727024732&w=2"
},
{
"name" : "SSRT100010",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=126996727024732&w=2"
},
{
"name" : "34075",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34075"
},
{
"name" : "1021838",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021838"
},
{
"name" : "wordpressmu-wpmufunctions-xss(49184)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34075",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34075"
},
{
"name": "1021838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021838"
},
{
"name": "wordpressmu-wpmufunctions-xss(49184)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49184"
},
{
"name": "20090310 [ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501667/100/0/threaded"
},
{
"name": "HPSBUX02514",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126996727024732&w=2"
},
{
"name": "8196",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8196"
},
{
"name": "SSRT100010",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=126996727024732&w=2"
}
]
}
}

450
2009/1xxx/CVE-2009-1841.json
View File

@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1841",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-32.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-32.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479560",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=479560"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503583",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503583"
},
{
"name" : "DSA-1820",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1820"
},
{
"name" : "DSA-1830",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1830"
},
{
"name" : "FEDORA-2009-6366",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html"
},
{
"name" : "FEDORA-2009-6411",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html"
},
{
"name" : "FEDORA-2009-7567",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
},
{
"name" : "FEDORA-2009-7614",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
},
{
"name" : "MDVSA-2009:141",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
},
{
"name" : "RHSA-2009:1095",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html"
},
{
"name" : "RHSA-2009:1096",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1096.html"
},
{
"name" : "SSA:2009-167-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468"
},
{
"name" : "SSA:2009-176-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408"
},
{
"name" : "SSA:2009-178-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275"
},
{
"name" : "264308",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name" : "USN-782-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-782-1"
},
{
"name" : "35326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35326"
},
{
"name" : "35373",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35373"
},
{
"name" : "55159",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55159"
},
{
"name" : "oval:org.mitre.oval:def:9815",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9815"
},
{
"name" : "1022397",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022397"
},
{
"name" : "35331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35331"
},
{
"name" : "35428",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35428"
},
{
"name" : "35431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35431"
},
{
"name" : "35439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35439"
},
{
"name" : "35440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35440"
},
{
"name" : "35468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35468"
},
{
"name" : "35536",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35536"
},
{
"name" : "35415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35415"
},
{
"name" : "35561",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35561"
},
{
"name" : "35602",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35602"
},
{
"name" : "35882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35882"
},
{
"name" : "ADV-2009-1572",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1572"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1572"
},
{
"name": "RHSA-2009:1096",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1096.html"
},
{
"name": "SSA:2009-178-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275"
},
{
"name": "DSA-1830",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1830"
},
{
"name": "35536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35536"
},
{
"name": "35602",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35602"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=479560",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=479560"
},
{
"name": "FEDORA-2009-7614",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00504.html"
},
{
"name": "35326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35326"
},
{
"name": "35440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35440"
},
{
"name": "FEDORA-2009-6411",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html"
},
{
"name": "USN-782-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-782-1"
},
{
"name": "35428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35428"
},
{
"name": "35431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35431"
},
{
"name": "FEDORA-2009-7567",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00444.html"
},
{
"name": "35331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35331"
},
{
"name": "35468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35468"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-32.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-32.html"
},
{
"name": "35439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35439"
},
{
"name": "35882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35882"
},
{
"name": "FEDORA-2009-6366",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html"
},
{
"name": "MDVSA-2009:141",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
},
{
"name": "oval:org.mitre.oval:def:9815",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9815"
},
{
"name": "35415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35415"
},
{
"name": "RHSA-2009:1095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=503583",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503583"
},
{
"name": "55159",
"refsource": "OSVDB",
"url": "http://osvdb.org/55159"
},
{
"name": "SSA:2009-167-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468"
},
{
"name": "35561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35561"
},
{
"name": "SSA:2009-176-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408"
},
{
"name": "DSA-1820",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1820"
},
{
"name": "264308",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name": "1022397",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022397"
},
{
"name": "35373",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35373"
}
]
}
}

130
2009/3xxx/CVE-2009-3008.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3008",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3008",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html"
},
{
"name" : "kmeleon-windowopen-spoofing(53011)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2009/08/multiple-browsers-fake-url-folder-file.html"
},
{
"name": "kmeleon-windowopen-spoofing(53011)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53011"
}
]
}
}

160
2009/3xxx/CVE-2009-3575.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3575",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3575",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://qa.mandriva.com/show_bug.cgi?id=52840",
"refsource" : "CONFIRM",
"url" : "https://qa.mandriva.com/show_bug.cgi?id=52840"
},
{
"name" : "DSA-1957",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1957"
},
{
"name" : "MDVSA-2009:226",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:226"
},
{
"name" : "36332",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36332"
},
{
"name" : "37971",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37971"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36332",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36332"
},
{
"name": "37971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37971"
},
{
"name": "DSA-1957",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1957"
},
{
"name": "https://qa.mandriva.com/show_bug.cgi?id=52840",
"refsource": "CONFIRM",
"url": "https://qa.mandriva.com/show_bug.cgi?id=52840"
},
{
"name": "MDVSA-2009:226",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:226"
}
]
}
}

210
2009/3xxx/CVE-2009-3695.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20091013 Re: Duplicate CVE assignment notification [was: CVE id request: django]",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/10/13/6"
},
{
"name" : "http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/",
"refsource" : "MISC",
"url" : "http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457"
},
{
"name" : "http://www.djangoproject.com/weblog/2009/oct/09/security/",
"refsource" : "CONFIRM",
"url" : "http://www.djangoproject.com/weblog/2009/oct/09/security/"
},
{
"name" : "DSA-1905",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1905"
},
{
"name" : "36655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36655"
},
{
"name" : "36948",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36948"
},
{
"name" : "36968",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36968"
},
{
"name" : "ADV-2009-2871",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2871"
},
{
"name" : "django-emailfield-urlfield-dos(53727)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53727"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) EmailField (email address) or (2) URLField (URL) that triggers a large amount of backtracking in a regular expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36655"
},
{
"name": "django-emailfield-urlfield-dos(53727)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53727"
},
{
"name": "http://www.djangoproject.com/weblog/2009/oct/09/security/",
"refsource": "CONFIRM",
"url": "http://www.djangoproject.com/weblog/2009/oct/09/security/"
},
{
"name": "36948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36948"
},
{
"name": "36968",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36968"
},
{
"name": "DSA-1905",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1905"
},
{
"name": "http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/",
"refsource": "MISC",
"url": "http://groups.google.com/group/django-users/browse_thread/thread/15df9e45118dfc51/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=550457"
},
{
"name": "[oss-security] 20091013 Re: Duplicate CVE assignment notification [was: CVE id request: django]",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/10/13/6"
},
{
"name": "ADV-2009-2871",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2871"
}
]
}
}

150
2009/4xxx/CVE-2009-4253.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.websecurity.com.ua/1845",
"refsource" : "MISC",
"url" : "http://www.websecurity.com.ua/1845"
},
{
"name" : "37150",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37150"
},
{
"name" : "30423",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30423"
},
{
"name" : "powerphlogger-dspstats-xss(54541)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54541"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.websecurity.com.ua/1845",
"refsource": "MISC",
"url": "http://www.websecurity.com.ua/1845"
},
{
"name": "30423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30423"
},
{
"name": "37150",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37150"
},
{
"name": "powerphlogger-dspstats-xss(54541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54541"
}
]
}
}

140
2009/4xxx/CVE-2009-4494.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4494",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4494",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
},
{
"name" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name" : "37712",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37712"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37712"
},
{
"name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
}
]
}
}

150
2009/4xxx/CVE-2009-4873.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4873",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4873",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.rangos.de/ServU-ADV.txt",
"refsource" : "MISC",
"url" : "http://www.rangos.de/ServU-ADV.txt"
},
{
"name" : "36895",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36895"
},
{
"name" : "37228",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37228"
},
{
"name" : "ADV-2009-3116",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3116"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.rangos.de/ServU-ADV.txt",
"refsource": "MISC",
"url": "http://www.rangos.de/ServU-ADV.txt"
},
{
"name": "ADV-2009-3116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3116"
},
{
"name": "36895",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36895"
},
{
"name": "37228",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37228"
}
]
}
}

150
2012/2xxx/CVE-2012-2060.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2060",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2060",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "http://drupal.org/node/1482126",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1482126"
},
{
"name" : "52502",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52502"
},
{
"name" : "admintools-drupal-xss(74057)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74057"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Admin tools module for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1482126",
"refsource": "MISC",
"url": "http://drupal.org/node/1482126"
},
{
"name": "52502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52502"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name": "admintools-drupal-xss(74057)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74057"
}
]
}
}

200
2012/2xxx/CVE-2012-2336.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2336",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.php.net/ChangeLog-5.php#5.4.3",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php#5.4.3"
},
{
"name" : "http://www.php.net/archive/2012.php#id2012-05-08-1",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"name" : "https://bugs.php.net/bug.php?id=61910",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=61910"
},
{
"name" : "https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1"
},
{
"name" : "HPSBMU02900",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name" : "SSRT100992",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name" : "SUSE-SU-2012:0840",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name" : "SUSE-SU-2012:0721",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html"
},
{
"name" : "49014",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49014"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:0721",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-06/msg00004.html"
},
{
"name": "SUSE-SU-2012:0840",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-07/msg00003.html"
},
{
"name": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/patch-display.php?bug_id=61910&patch=CVE-2012-1823.patch&revision=1336251592&display=1"
},
{
"name": "49014",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49014"
},
{
"name": "https://bugs.php.net/bug.php?id=61910",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=61910"
},
{
"name": "http://www.php.net/archive/2012.php#id2012-05-08-1",
"refsource": "CONFIRM",
"url": "http://www.php.net/archive/2012.php#id2012-05-08-1"
},
{
"name": "SSRT100992",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "HPSBMU02900",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862"
},
{
"name": "http://www.php.net/ChangeLog-5.php#5.4.3",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.4.3"
}
]
}
}

34
2012/2xxx/CVE-2012-2501.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2501",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2501",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2012/2xxx/CVE-2012-2660.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2660",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2694."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[rubyonrails-security] 20120531 Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660)",
"refsource" : "MLIST",
"url" : "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain"
},
{
"name" : "RHSA-2013:0154",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
},
{
"name" : "SUSE-SU-2012:1015",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"
},
{
"name" : "openSUSE-SU-2012:0978",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"
},
{
"name" : "SUSE-SU-2012:1012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"
},
{
"name" : "SUSE-SU-2012:1014",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"
},
{
"name" : "openSUSE-SU-2012:1066",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Active Record component and the Rack interface, which allows remote attackers to bypass intended database-query restrictions and perform NULL checks via a crafted request, as demonstrated by certain \"[nil]\" values, a related issue to CVE-2012-2694."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:1015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00017.html"
},
{
"name": "SUSE-SU-2012:1012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00014.html"
},
{
"name": "openSUSE-SU-2012:0978",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00002.html"
},
{
"name": "SUSE-SU-2012:1014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00016.html"
},
{
"name": "openSUSE-SU-2012:1066",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00046.html"
},
{
"name": "[rubyonrails-security] 20120531 Unsafe Query Generation Risk in Ruby on Rails (CVE-2012-2660)",
"refsource": "MLIST",
"url": "https://groups.google.com/group/rubyonrails-security/msg/d890f8d58b5fbf32?dmode=source&output=gplain"
},
{
"name": "RHSA-2013:0154",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0154.html"
}
]
}
}

170
2012/2xxx/CVE-2012-2920.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880",
"refsource" : "CONFIRM",
"url" : "http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880"
},
{
"name" : "http://wordpress.org/extend/plugins/user-photo/changelog/",
"refsource" : "CONFIRM",
"url" : "http://wordpress.org/extend/plugins/user-photo/changelog/"
},
{
"name" : "53449",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53449"
},
{
"name" : "81806",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81806"
},
{
"name" : "49100",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49100"
},
{
"name" : "userphoto-optionsgeneral-xss(75496)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75496"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to wp-admin/options-general.php. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880",
"refsource": "CONFIRM",
"url": "http://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-photo&old=541880&new_path=%2Fuser-photo&new=541880"
},
{
"name": "userphoto-optionsgeneral-xss(75496)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75496"
},
{
"name": "81806",
"refsource": "OSVDB",
"url": "http://osvdb.org/81806"
},
{
"name": "53449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53449"
},
{
"name": "49100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49100"
},
{
"name": "http://wordpress.org/extend/plugins/user-photo/changelog/",
"refsource": "CONFIRM",
"url": "http://wordpress.org/extend/plugins/user-photo/changelog/"
}
]
}
}

420
2015/0xxx/CVE-2015-0206.json
View File

@ -1,212 +1,212 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0206",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f",
"refsource" : "CONFIRM",
"url" : "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f"
},
{
"name" : "https://www.openssl.org/news/secadv_20150108.txt",
"refsource" : "CONFIRM",
"url" : "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa88",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10108",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
},
{
"name" : "DSA-3125",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3125"
},
{
"name" : "FEDORA-2015-0512",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
},
{
"name" : "FEDORA-2015-0601",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
},
{
"name" : "HPSBHF03289",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=142721102728110&w=2"
},
{
"name" : "HPSBMU03380",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
},
{
"name" : "HPSBMU03396",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050205101530&w=2"
},
{
"name" : "HPSBMU03397",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2"
},
{
"name" : "HPSBMU03409",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name" : "HPSBMU03413",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050254401665&w=2"
},
{
"name" : "MDVSA-2015:019",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
},
{
"name" : "MDVSA-2015:062",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name" : "RHSA-2015:0066",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
},
{
"name" : "openSUSE-SU-2015:0130",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"name" : "SUSE-SU-2015:0946",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"name" : "openSUSE-SU-2015:1277",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name" : "91787",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/91787"
},
{
"name" : "71940",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71940"
},
{
"name" : "1033378",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033378"
},
{
"name" : "openssl-cve20150206-dos(99704)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k allows remote attackers to cause a denial of service (memory consumption) by sending many duplicate records for the next epoch, leading to failure of replay detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
},
{
"name": "openSUSE-SU-2015:0130",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-01/msg00021.html"
},
{
"name": "20150310 Multiple Vulnerabilities in OpenSSL (January 2015) Affecting Cisco Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150310-ssl"
},
{
"name": "openssl-cve20150206-dos(99704)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99704"
},
{
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
},
{
"name": "HPSBMU03380",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
},
{
"name": "FEDORA-2015-0601",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148363.html"
},
{
"name": "1033378",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033378"
},
{
"name": "HPSBHF03289",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=142721102728110&w=2"
},
{
"name": "https://www.openssl.org/news/secadv_20150108.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20150108.txt"
},
{
"name": "MDVSA-2015:019",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:019"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name": "openSUSE-SU-2015:1277",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
},
{
"name": "RHSA-2015:0066",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0066.html"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10108"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10102"
},
{
"name": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f",
"refsource": "CONFIRM",
"url": "https://github.com/openssl/openssl/commit/103b171d8fc282ef435f8de9afbf7782e312961f"
},
{
"name": "SUSE-SU-2015:0946",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-05/msg00026.html"
},
{
"name": "HPSBMU03397",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"
},
{
"name": "91787",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/91787"
},
{
"name": "71940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71940"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "HPSBMU03396",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050205101530&w=2"
},
{
"name": "MDVSA-2015:062",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:062"
},
{
"name": "HPSBMU03413",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050254401665&w=2"
},
{
"name": "https://bto.bluecoat.com/security-advisory/sa88",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa88"
},
{
"name": "DSA-3125",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3125"
},
{
"name": "FEDORA-2015-0512",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/147938.html"
}
]
}
}

290
2015/0xxx/CVE-2015-0374.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0374",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0374",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "DSA-3135",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3135"
},
{
"name" : "FEDORA-2015-1162",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html"
},
{
"name" : "GLSA-201504-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201504-05"
},
{
"name" : "RHSA-2015:0116",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0116.html"
},
{
"name" : "RHSA-2015:0117",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0117.html"
},
{
"name" : "RHSA-2015:0118",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0118.html"
},
{
"name" : "RHSA-2015:1628",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1628.html"
},
{
"name" : "SUSE-SU-2015:0743",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name" : "USN-2480-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2480-1"
},
{
"name" : "72227",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72227"
},
{
"name" : "1031581",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031581"
},
{
"name" : "62728",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62728"
},
{
"name" : "62730",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62730"
},
{
"name" : "62732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62732"
},
{
"name" : "oracle-cpujan2015-cve20150374(100191)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100191"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0118",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0118.html"
},
{
"name": "DSA-3135",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3135"
},
{
"name": "RHSA-2015:0116",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0116.html"
},
{
"name": "USN-2480-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2480-1"
},
{
"name": "72227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72227"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
},
{
"name": "SUSE-SU-2015:0743",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00016.html"
},
{
"name": "RHSA-2015:1628",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1628.html"
},
{
"name": "62732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62732"
},
{
"name": "oracle-cpujan2015-cve20150374(100191)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100191"
},
{
"name": "RHSA-2015:0117",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0117.html"
},
{
"name": "1031581",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031581"
},
{
"name": "GLSA-201504-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201504-05"
},
{
"name": "62728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62728"
},
{
"name": "FEDORA-2015-1162",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-February/149929.html"
},
{
"name": "62730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62730"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

150
2015/1xxx/CVE-2015-1039.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150111 Re: CVE request",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/01/11/4"
},
{
"name" : "https://github.com/ZF-Commons/ZfcUser/commit/baf0e460",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZF-Commons/ZfcUser/commit/baf0e460"
},
{
"name" : "https://github.com/ZF-Commons/ZfcUser/issues/550",
"refsource" : "CONFIRM",
"url" : "https://github.com/ZF-Commons/ZfcUser/issues/550"
},
{
"name" : "71931",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71931"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in user/login.phtml in ZF-Commons ZfcUser before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZF-Commons/ZfcUser/issues/550",
"refsource": "CONFIRM",
"url": "https://github.com/ZF-Commons/ZfcUser/issues/550"
},
{
"name": "[oss-security] 20150111 Re: CVE request",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/11/4"
},
{
"name": "https://github.com/ZF-Commons/ZfcUser/commit/baf0e460",
"refsource": "CONFIRM",
"url": "https://github.com/ZF-Commons/ZfcUser/commit/baf0e460"
},
{
"name": "71931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71931"
}
]
}
}

200
2015/1xxx/CVE-2015-1072.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1072",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1072",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204560",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204560"
},
{
"name" : "https://support.apple.com/HT204661",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204661"
},
{
"name" : "https://support.apple.com/HT204662",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204662"
},
{
"name" : "https://support.apple.com/kb/HT204949",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT204949"
},
{
"name" : "APPLE-SA-2015-03-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html"
},
{
"name" : "APPLE-SA-2015-04-08-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name" : "APPLE-SA-2015-04-08-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name" : "APPLE-SA-2015-06-30-6",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
},
{
"name" : "1031936",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031936"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "APPLE-SA-2015-06-30-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
},
{
"name": "APPLE-SA-2015-03-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html"
},
{
"name": "https://support.apple.com/kb/HT204949",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT204949"
},
{
"name": "1031936",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031936"
},
{
"name": "https://support.apple.com/HT204662",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204662"
},
{
"name": "https://support.apple.com/HT204560",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204560"
},
{
"name": "APPLE-SA-2015-04-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}

170
2015/1xxx/CVE-2015-1154.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204826",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204826"
},
{
"name" : "https://support.apple.com/kb/HT204949",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT204949"
},
{
"name" : "APPLE-SA-2015-05-06-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/May/msg00000.html"
},
{
"name" : "APPLE-SA-2015-06-30-6",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
},
{
"name" : "74526",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74526"
},
{
"name" : "1032270",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and 8.x before 8.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than CVE-2015-1152 and CVE-2015-1153."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204826",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204826"
},
{
"name": "APPLE-SA-2015-06-30-6",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
},
{
"name": "1032270",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032270"
},
{
"name": "74526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74526"
},
{
"name": "https://support.apple.com/kb/HT204949",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT204949"
},
{
"name": "APPLE-SA-2015-05-06-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/May/msg00000.html"
}
]
}
}

160
2015/1xxx/CVE-2015-1164.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nodesecurity.io/advisories/serve-static-open-redirect",
"refsource" : "CONFIRM",
"url" : "http://nodesecurity.io/advisories/serve-static-open-redirect"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181917",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1181917"
},
{
"name" : "https://github.com/expressjs/serve-static/issues/26",
"refsource" : "CONFIRM",
"url" : "https://github.com/expressjs/serve-static/issues/26"
},
{
"name" : "72064",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72064"
},
{
"name" : "nodejs-servestatic-open-redirect(99936)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99936"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "nodejs-servestatic-open-redirect(99936)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99936"
},
{
"name": "https://github.com/expressjs/serve-static/issues/26",
"refsource": "CONFIRM",
"url": "https://github.com/expressjs/serve-static/issues/26"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1181917",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1181917"
},
{
"name": "72064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72064"
},
{
"name": "http://nodesecurity.io/advisories/serve-static-open-redirect",
"refsource": "CONFIRM",
"url": "http://nodesecurity.io/advisories/serve-static-open-redirect"
}
]
}
}

130
2015/1xxx/CVE-2015-1515.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1515",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "36052",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/36052"
},
{
"name" : "117996",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/117996"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36052",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/36052"
},
{
"name": "117996",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/117996"
}
]
}
}

140
2015/1xxx/CVE-2015-1708.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-1708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-043",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
},
{
"name" : "74511",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74511"
},
{
"name" : "1032282",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032282"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "74511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74511"
},
{
"name": "1032282",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032282"
},
{
"name": "MS15-043",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-043"
}
]
}
}

160
2015/1xxx/CVE-2015-1839.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1839",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1839",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212788",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1212788"
},
{
"name" : "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html",
"refsource" : "CONFIRM",
"url" : "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html"
},
{
"name" : "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c",
"refsource" : "CONFIRM",
"url" : "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c"
},
{
"name" : "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81",
"refsource" : "CONFIRM",
"url" : "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81"
},
{
"name" : "FEDORA-2016-105b3b8804",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "modules/chef.py in SaltStack before 2014.7.4 does not properly handle files in /tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1212788",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1212788"
},
{
"name": "FEDORA-2016-105b3b8804",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175568.html"
},
{
"name": "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c",
"refsource": "CONFIRM",
"url": "https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c"
},
{
"name": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html",
"refsource": "CONFIRM",
"url": "https://docs.saltstack.com/en/latest/topics/releases/2014.7.4.html"
}
]
}
}

34
2015/5xxx/CVE-2015-5280.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5280",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5280",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
}
]
}
}

150
2015/5xxx/CVE-2015-5375.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150923 Open-Xchange Security Advisory 2015-09-23",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536523/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html"
},
{
"name" : "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf",
"refsource" : "CONFIRM",
"url" : "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf"
},
{
"name" : "1034018",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in unspecified dialogs for printing content in the Front End in Open-Xchange Server 6 and OX App Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before 7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to inject arbitrary web script or HTML via unknown vectors related to object properties."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133674/Open-Xchange-Server-6-OX-AppSuite-Cross-Site-Scripting.html"
},
{
"name": "20150923 Open-Xchange Security Advisory 2015-09-23",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536523/100/0/threaded"
},
{
"name": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf",
"refsource": "CONFIRM",
"url": "http://software.open-xchange.com/products/appsuite/doc/Release_Notes_for_Patch_Release_2614_7.6.2_2015-07-22.pdf"
},
{
"name": "1034018",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034018"
}
]
}
}

120
2015/5xxx/CVE-2015-5443.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5443",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5443",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822249",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822249"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822249",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04822249"
}
]
}
}

140
2015/5xxx/CVE-2015-5489.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name" : "https://www.drupal.org/node/2480321",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2480321"
},
{
"name" : "https://www.drupal.org/node/2480289",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2480289"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Smart Trim module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors involving the field settings form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2480321",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2480321"
},
{
"name": "https://www.drupal.org/node/2480289",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2480289"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
}
]
}
}

170
2015/5xxx/CVE-2015-5781.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT205030",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205030"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "APPLE-SA-2015-08-13-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name" : "76343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76343"
},
{
"name" : "1033275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not properly initialize an unspecified data structure, which allows remote attackers to obtain sensitive information from process memory via a crafted PNG image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76343"
}
]
}
}

120
2018/11xxx/CVE-2018-11546.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11546",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11546",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mity/md4c/issues/38",
"refsource" : "MISC",
"url" : "https://github.com/mity/md4c/issues/38"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mity/md4c/issues/38",
"refsource": "MISC",
"url": "https://github.com/mity/md4c/issues/38"
}
]
}
}

34
2018/11xxx/CVE-2018-11630.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11630",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11630",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

142
2018/3xxx/CVE-2018-3091.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "VM VirtualBox",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "5.2.16"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "VM VirtualBox",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "5.2.16"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104764"
},
{
"name" : "1041296",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041296"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.16. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104764"
},
{
"name": "1041296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041296"
}
]
}
}

34
2018/3xxx/CVE-2018-3322.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3322",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3322",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3633.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3633",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3633",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

132
2018/3xxx/CVE-2018-3719.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2018-3719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "mixin-deep node module",
"version" : {
"version_data" : [
{
"version_value" : "Versions before 1.3.1"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Modification of Assumed-Immutable Data (MAID) (CWE-471)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2018-3719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "mixin-deep node module",
"version": {
"version_data": [
{
"version_value": "Versions before 1.3.1"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c",
"refsource" : "MISC",
"url" : "https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c"
},
{
"name" : "https://hackerone.com/reports/311236",
"refsource" : "MISC",
"url" : "https://hackerone.com/reports/311236"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of \"Object\" via __proto__, causing the addition or modification of an existing property that will exist on all objects."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c",
"refsource": "MISC",
"url": "https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c"
},
{
"name": "https://hackerone.com/reports/311236",
"refsource": "MISC",
"url": "https://hackerone.com/reports/311236"
}
]
}
}

130
2018/3xxx/CVE-2018-3829.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "bressers@elastic.co",
"ID" : "CVE-2018-3829",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Elastic Cloud Enterprise",
"version" : {
"version_data" : [
{
"version_value" : "before 1.1.4"
}
]
}
}
]
},
"vendor_name" : "Elastic"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285: Improper Authorization"
}
"CVE_data_meta": {
"ASSIGNER": "security@elastic.co",
"ID": "CVE-2018-3829",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Elastic Cloud Enterprise",
"version": {
"version_data": [
{
"version_value": "before 1.1.4"
}
]
}
}
]
},
"vendor_name": "Elastic"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
"refsource" : "CONFIRM",
"url" : "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
},
{
"name" : "https://www.elastic.co/community/security",
"refsource" : "CONFIRM",
"url" : "https://www.elastic.co/community/security"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an invalid roles token. An attacker with access to the previous runner ID and IP address of the coordinator-host could add a allocator to an existing ECE install to gain access to other clusters data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-285: Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.elastic.co/community/security",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/community/security"
},
{
"name": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778",
"refsource": "CONFIRM",
"url": "https://discuss.elastic.co/t/elastic-cloud-enterprise-1-1-4-security-update/135778"
}
]
}
}

120
2018/3xxx/CVE-2018-3854.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2018-3854",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2018-3854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable information disclosure vulnerability exists in the password protection functionality of Quicken Deluxe 2018 for Mac version 5.2.2. A specially crafted sqlite3 request can cause the removal of the password protection, allowing an attacker to access and modify the data without knowing the password. An attacker needs to have access to the password-protected files to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0537"
}
]
}
}

200
2018/7xxx/CVE-2018-7183.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7183",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.ntp.org/bin/view/Main/NtpBug3414",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/NtpBug3414"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"name" : "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180626-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name" : "FreeBSD-SA-18:02",
"refsource" : "FREEBSD",
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name" : "GLSA-201805-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201805-12"
},
{
"name" : "USN-3707-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3707-1/"
},
{
"name" : "USN-3707-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3707-2/"
},
{
"name" : "103351",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103351"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 through 4.2.8p10 allows remote attackers to execute arbitrary code by leveraging an ntpq query and sending a response with a crafted array."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201805-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201805-12"
},
{
"name": "FreeBSD-SA-18:02",
"refsource": "FREEBSD",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:02.ntp.asc"
},
{
"name": "USN-3707-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-2/"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180626-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180626-0001/"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S"
},
{
"name": "USN-3707-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3707-1/"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_13",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_13"
},
{
"name": "103351",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103351"
},
{
"name": "http://support.ntp.org/bin/view/Main/NtpBug3414",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/NtpBug3414"
}
]
}
}

34
2018/7xxx/CVE-2018-7383.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7383",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7383",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/7xxx/CVE-2018-7467.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467",
"refsource" : "MISC",
"url" : "http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f substring in a URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467",
"refsource": "MISC",
"url": "http://www.projectxit.com.au/blog/2018/2/27/axxonsoft-client-directory-traversal-cve-2018-7467-axxonsoft-axxon-next-axxonsoft-client-directory-traversal-via-an-initial-css2f-substring-in-a-uri-cve-2018-7467"
}
]
}
}

122
2018/7xxx/CVE-2018-7899.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"DATE_PUBLIC" : "2018-04-18T00:00:00",
"ID" : "CVE-2018-7899",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Berkeley-AL20, Berkeley-BD",
"version" : {
"version_data" : [
{
"version_value" : "Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "double free"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2018-04-18T00:00:00",
"ID": "CVE-2018-7899",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Berkeley-AL20, Berkeley-BD",
"version": {
"version_data": [
{
"version_value": "Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones with software Berkeley-AL20 8.0.0.105(C00), 8.0.0.111(C00), 8.0.0.112D(C00), 8.0.0.116(C00), 8.0.0.119(C00), 8.0.0.119D(C00), 8.0.0.122(C00), 8.0.0.132(C00), 8.0.0.132D(C00), 8.0.0.142(C00), 8.0.0.151(C00), Berkeley-BD 1.0.0.21, 1.0.0.22, 1.0.0.23, 1.0.0.24, 1.0.0.26, 1.0.0.29 has a double free vulnerability. An attacker can trick a user to install a malicious application and exploit this vulnerability when in the exception handling process. Successful exploitation may cause system reboot."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "double free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180418-01-smartphone"
}
]
}
}

120
2018/8xxx/CVE-2018-8103.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652",
"refsource" : "MISC",
"url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652"
}
]
}
}

428
2018/8xxx/CVE-2018-8392.json
View File

@ -1,216 +1,216 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8392",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8392"
},
{
"name" : "105213",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105213"
},
{
"name" : "1041625",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability exists in the Microsoft JET Database Engine that could allow remote code execution on an affected system, aka \"Microsoft JET Database Engine Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8393."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8392",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8392"
},
{
"name": "1041625",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041625"
},
{
"name": "105213",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105213"
}
]
}
}

170
2018/8xxx/CVE-2018-8527.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SQL Server Management Studio 17.9",
"version" : {
"version_data" : [
{
"version_value" : "SQL Server Management Studio 17.9"
}
]
}
},
{
"product_name" : "SQL Server Management Studio 18.0",
"version" : {
"version_data" : [
{
"version_value" : "(Preview 4)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka \"SQL Server Management Studio Information Disclosure Vulnerability.\" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SQL Server Management Studio 17.9",
"version": {
"version_data": [
{
"version_value": "SQL Server Management Studio 17.9"
}
]
}
},
{
"product_name": "SQL Server Management Studio 18.0",
"version": {
"version_data": [
{
"version_value": "(Preview 4)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45585",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45585/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527"
},
{
"name" : "105474",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105474"
},
{
"name" : "1041826",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka \"SQL Server Management Studio Information Disclosure Vulnerability.\" This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8527"
},
{
"name": "105474",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105474"
},
{
"name": "1041826",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041826"
},
{
"name": "45585",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45585/"
}
]
}
}

34
2018/8xxx/CVE-2018-8615.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8615",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8615",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}