admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:13:43 +00:00
parent 10ca9882eb
commit 492a40f2ba
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
45 changed files with 3636 additions and 3636 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2005/0xxx/CVE-2005-0065.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0065",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka \"TCP sequence number checking\"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged \"Destination Unreachable\" messages, (2) blind throughput-reduction attacks with forged \"Source Quench\" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0065",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html",
"refsource" : "MISC",
"url" : "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html"
},
{
"name" : "13124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka \"TCP sequence number checking\"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged \"Destination Unreachable\" messages, (2) blind throughput-reduction attacks with forged \"Source Quench\" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13124"
},
{
"name": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html",
"refsource": "MISC",
"url": "http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html"
}
]
}
}

130
2005/0xxx/CVE-2005-0866.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0866",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "USN-100-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/100-1/"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-100-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/100-1/"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=291376"
}
]
}
}

130
2005/2xxx/CVE-2005-2612.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2612",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2612",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050809 (no subject)",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0234.html"
},
{
"name" : "16386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16386"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16386"
},
{
"name": "20050809 (no subject)",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0234.html"
}
]
}
}

150
2005/2xxx/CVE-2005-2721.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050824 Foojan PHP Weblog Information Disclosure - Refferer Html Injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112491140712884&w=2"
},
{
"name" : "14658",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14658"
},
{
"name" : "16565",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16565/"
},
{
"name" : "foojan-referer-code-execution(22004)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) admin.php in Foojan PHP Weblog allow remote attackers to inject arbitrary web script or HTML via the Referer field in the HTTP header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16565",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16565/"
},
{
"name": "foojan-referer-code-execution(22004)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22004"
},
{
"name": "14658",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14658"
},
{
"name": "20050824 Foojan PHP Weblog Information Disclosure - Refferer Html Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112491140712884&w=2"
}
]
}
}

160
2005/2xxx/CVE-2005-2843.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2843",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050829 Vulnerability in Helpdesk software Hesk 0.92",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112534893423213&w=2"
},
{
"name" : "20050830 Re: Vulnerability in Helpdesk software Hesk 0.92",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112545306117124&w=2"
},
{
"name" : "14692",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14692"
},
{
"name" : "16623",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16623/"
},
{
"name" : "helpdesk-adminmain-security-bypass(22054)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22054"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050829 Vulnerability in Helpdesk software Hesk 0.92",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112534893423213&w=2"
},
{
"name": "16623",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16623/"
},
{
"name": "20050830 Re: Vulnerability in Helpdesk software Hesk 0.92",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112545306117124&w=2"
},
{
"name": "14692",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14692"
},
{
"name": "helpdesk-adminmain-security-bypass(22054)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22054"
}
]
}
}

160
2005/3xxx/CVE-2005-3681.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3681",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3681",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051112 XOOPS 2.2.3 Final arbitrary local inclusion / XOOPS WF-Downloads",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113199244824660&w=2"
},
{
"name" : "15406",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15406/"
},
{
"name" : "ADV-2005-2425",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2425"
},
{
"name" : "20852",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20852"
},
{
"name" : "17575",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17575"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads module 2.05 allows remote attackers to execute arbitrary SQL commands via the list parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17575",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17575"
},
{
"name": "15406",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15406/"
},
{
"name": "ADV-2005-2425",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2425"
},
{
"name": "20852",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20852"
},
{
"name": "20051112 XOOPS 2.2.3 Final arbitrary local inclusion / XOOPS WF-Downloads",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113199244824660&w=2"
}
]
}
}

240
2005/3xxx/CVE-2005-3737.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1",
"refsource" : "CONFIRM",
"url" : "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name" : "DSA-916",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-916"
},
{
"name" : "GLSA-200511-22",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name" : "SUSE-SR:2005:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name" : "USN-217-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name" : "15507",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15507"
},
{
"name" : "ADV-2005-2511",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name" : "17651",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17651"
},
{
"name" : "17662",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17662"
},
{
"name" : "17778",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17778"
},
{
"name" : "17882",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17882"
},
{
"name" : "58",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/58"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-22",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-22.xml"
},
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "17778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17778"
},
{
"name": "17651",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17651"
},
{
"name": "USN-217-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntulinux.org/usn/usn-217-1"
},
{
"name": "15507",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15507"
},
{
"name": "17882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17882"
},
{
"name": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1",
"refsource": "CONFIRM",
"url": "http://cvs.sourceforge.net/viewcvs.py/inkscape/inkscape/src/style.cpp?r1=1.110&r2=1.110.2.1"
},
{
"name": "ADV-2005-2511",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2511"
},
{
"name": "DSA-916",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-916"
},
{
"name": "58",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/58"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330894"
},
{
"name": "17662",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17662"
}
]
}
}

150
2005/3xxx/CVE-2005-3989.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf"
},
{
"name" : "15668",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15668"
},
{
"name" : "ADV-2005-2685",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2685"
},
{
"name" : "17825",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17825"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2685",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2685"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2005-231.pdf"
},
{
"name": "15668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15668"
},
{
"name": "17825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17825"
}
]
}
}

120
2005/4xxx/CVE-2005-4130.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4130",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4130",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.eeye.com/html/research/upcoming/20051116.html",
"refsource" : "MISC",
"url" : "http://www.eeye.com/html/research/upcoming/20051116.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** UNVERIFIABLE, PRERELEASE ** NOTE: this issue describes a problem that can not be independently verified as of 20051208. Unspecified vulnerability in unspecified versions of Real Networks RealPlayer allows remote attackers to execute arbitrary code. NOTE: it is not known whether this issue should be MERGED with CVE-2005-4126. The information regarding this issue is extremely vague and does not provide any verifiable information. It has been posted by a reliable reporter with a prerelease disclosure policy. This item has only been assigned a CVE identifier for tracking purposes, and to serve as a concrete example for discussion of the newly emerging UNVERIFIABLE and PRERELEASE content decisions in CVE, which must be discussed by the Editorial Board. Without additional details or independent verification by reliable sources, it is possible that this item might be RECAST or REJECTED."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.eeye.com/html/research/upcoming/20051116.html",
"refsource": "MISC",
"url": "http://www.eeye.com/html/research/upcoming/20051116.html"
}
]
}
}

120
2005/4xxx/CVE-2005-4257.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "15861",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15861"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial of service (device crash) via an IP packet with the same source and destination IPs and ports, and with the SYN flag set (aka LAND). NOTE: the provenance of this issue is unknown; the details are obtained solely from the BID."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15861",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15861"
}
]
}
}

160
2005/4xxx/CVE-2005-4889.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz",
"refsource" : "CONFIRM",
"url" : "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name" : "MDVSA-2010:180",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
},
{
"name" : "rpm-setgid-privilege-escalation(59426)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) setgid file, a related issue to CVE-2010-2059."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz",
"refsource": "CONFIRM",
"url": "http://distrib-coffee.ipsl.jussieu.fr/pub/mirrors/rpm/files/rpm/rpm-4.4/rpm-4.4.3.tar.gz"
},
{
"name": "MDVSA-2010:180",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:180"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=598775",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=598775"
},
{
"name": "rpm-setgid-privilege-escalation(59426)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59426"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=125517",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=125517"
}
]
}
}

210
2009/0xxx/CVE-2009-0154.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090519 ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503597/100/0/threaded"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-023",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-023"
},
{
"name" : "http://support.apple.com/kb/HT3549",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3549"
},
{
"name" : "APPLE-SA-2009-05-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name" : "TA09-133A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name" : "34926",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34926"
},
{
"name" : "1022218",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022218"
},
{
"name" : "35074",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35074"
},
{
"name" : "ADV-2009-1297",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name" : "macos-ats-cff-bo(50478)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50478"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows remote attackers to execute arbitrary code via a crafted Compact Font Format (CFF) font."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3549",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3549"
},
{
"name": "35074",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35074"
},
{
"name": "APPLE-SA-2009-05-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
},
{
"name": "macos-ats-cff-bo(50478)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50478"
},
{
"name": "34926",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34926"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-023",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-023"
},
{
"name": "TA09-133A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
},
{
"name": "ADV-2009-1297",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1297"
},
{
"name": "1022218",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022218"
},
{
"name": "20090519 ZDI-09-023: Apple OS X ATSServer Compact Font Format Parsing Memory Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503597/100/0/threaded"
}
]
}
}

160
2009/2xxx/CVE-2009-2103.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2103",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2103",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/"
},
{
"name" : "35394",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35394"
},
{
"name" : "55123",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55123"
},
{
"name" : "35484",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) 0.2.3 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35394",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35394"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-008/"
},
{
"name": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/fe_mp3player/0.2.4/"
},
{
"name": "55123",
"refsource": "OSVDB",
"url": "http://osvdb.org/55123"
},
{
"name": "35484",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35484"
}
]
}
}

150
2009/2xxx/CVE-2009-2166.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2166",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2166",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090602 OCS Inventory NG 1.02 - Directory Traversal",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504047/100/0/threaded"
},
{
"name" : "8868",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8868"
},
{
"name" : "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml",
"refsource" : "MISC",
"url" : "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"
},
{
"name" : "ocsinventory-cvs-info-disclosure(50946)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute path traversal vulnerability in cvs.php in OCS Inventory NG before 1.02.1 on Unix allows remote attackers to read arbitrary files via a full pathname in the log parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8868",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8868"
},
{
"name": "20090602 OCS Inventory NG 1.02 - Directory Traversal",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504047/100/0/threaded"
},
{
"name": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml",
"refsource": "MISC",
"url": "http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_directory_traversal.shtml"
},
{
"name": "ocsinventory-cvs-info-disclosure(50946)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50946"
}
]
}
}

140
2009/2xxx/CVE-2009-2321.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090702 Multiple Flaws in Axesstel MV 410R",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504716/100/0/threaded"
},
{
"name" : "35563",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35563"
},
{
"name" : "55681",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55681"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55681",
"refsource": "OSVDB",
"url": "http://osvdb.org/55681"
},
{
"name": "35563",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35563"
},
{
"name": "20090702 Multiple Flaws in Axesstel MV 410R",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504716/100/0/threaded"
}
]
}
}

170
2009/2xxx/CVE-2009-2460.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2460",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2460",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and commandinjection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504919/100/0/threaded"
},
{
"name" : "http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578",
"refsource" : "MISC",
"url" : "http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2009-010.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2009-010.html"
},
{
"name" : "35816",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35816"
},
{
"name" : "ADV-2009-1875",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1875"
},
{
"name" : "mathtex-mathtex-bo(51796)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51796"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1875",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1875"
},
{
"name": "20090713 [oCERT-2009-010] mimeTeX and mathTeX buffer overflows and commandinjection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504919/100/0/threaded"
},
{
"name": "mathtex-mathtex-bo(51796)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51796"
},
{
"name": "35816",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35816"
},
{
"name": "http://www.ocert.org/advisories/ocert-2009-010.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2009-010.html"
},
{
"name": "http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578",
"refsource": "MISC",
"url": "http://groups.google.com/group/comp.text.tex/browse_thread/thread/5d56d3d744351578"
}
]
}
}

150
2009/2xxx/CVE-2009-2738.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html",
"refsource" : "MISC",
"url" : "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html"
},
{
"name" : "http://www.freenas.org/index.php?option=com_frontpage&Itemid=22",
"refsource" : "CONFIRM",
"url" : "http://www.freenas.org/index.php?option=com_frontpage&Itemid=22"
},
{
"name" : "JVN#15267895",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN15267895/index.html"
},
{
"name" : "JVNDB-2009-000053",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in the WebGUI in FreeNAS before 0.7RC1 allows remote attackers to hijack the authentication of users for unspecified requests via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.freenas.org/index.php?option=com_frontpage&Itemid=22",
"refsource": "CONFIRM",
"url": "http://www.freenas.org/index.php?option=com_frontpage&Itemid=22"
},
{
"name": "JVN#15267895",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN15267895/index.html"
},
{
"name": "JVNDB-2009-000053",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000053.html"
},
{
"name": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/vuln/documents/2009/200908_freenas.html"
}
]
}
}

160
2009/3xxx/CVE-2009-3164.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-10-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-10-1"
},
{
"name" : "265608",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265608-1"
},
{
"name" : "1020829",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020829.1-1"
},
{
"name" : "36616",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36616"
},
{
"name" : "ADV-2009-2556",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2556"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the IPv6 networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through snv_122, when a Cassini GigaSwift Ethernet Adapter (aka CE) interface is used, allows remote attackers to cause a denial of service (panic) via vectors involving jumbo frames. NOTE: this issue exists because of an incomplete fix for CVE-2009-2136."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1020829",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020829.1-1"
},
{
"name": "ADV-2009-2556",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2556"
},
{
"name": "36616",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36616"
},
{
"name": "265608",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-265608-1"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-10-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141414-10-1"
}
]
}
}

160
2009/3xxx/CVE-2009-3788.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt"
},
{
"name" : "36777",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36777"
},
{
"name" : "59301",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/59301"
},
{
"name" : "30750",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/30750"
},
{
"name" : "opendocman-user-sql-injection(53886)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows remote attackers to execute arbitrary SQL commands via the frmuser (aka Username) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59301",
"refsource": "OSVDB",
"url": "http://osvdb.org/59301"
},
{
"name": "36777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36777"
},
{
"name": "opendocman-user-sql-injection(53886)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53886"
},
{
"name": "30750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30750"
},
{
"name": "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0910-exploits/opendocman-sqlxss.txt"
}
]
}
}

320
2009/4xxx/CVE-2009-4030.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4030",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4030",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167",
"refsource" : "MLIST",
"url" : "http://lists.mysql.com/commits/89940"
},
{
"name" : "[oss-security] 20091119 mysql-5.1.41",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/11/19/3"
},
{
"name" : "[oss-security] 20091124 Re: mysql-5.1.41",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=125908040022018&w=2"
},
{
"name" : "[oss-security] 20091124 Re: mysql-5.1.41",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/11/24/6"
},
{
"name" : "[oss-security] 20091124 Re: mysql-5.1.41",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=oss-security&m=125908080222685&w=2"
},
{
"name" : "http://bugs.mysql.com/bug.php?id=32167",
"refsource" : "CONFIRM",
"url" : "http://bugs.mysql.com/bug.php?id=32167"
},
{
"name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html",
"refsource" : "CONFIRM",
"url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "DSA-1997",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-1997"
},
{
"name" : "RHSA-2010:0109",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
},
{
"name" : "RHSA-2010:0110",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0110.html"
},
{
"name" : "SUSE-SR:2010:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name" : "SUSE-SR:2010:021",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name" : "USN-897-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-897-1"
},
{
"name" : "USN-1397-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name" : "oval:org.mitre.oval:def:11116",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116"
},
{
"name" : "oval:org.mitre.oval:def:8156",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156"
},
{
"name" : "38573",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38573"
},
{
"name" : "38517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38517"
},
{
"name" : "ADV-2010-1107",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38573"
},
{
"name": "USN-1397-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1397-1"
},
{
"name": "38517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38517"
},
{
"name": "RHSA-2010:0109",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
},
{
"name": "ADV-2010-1107",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1107"
},
{
"name": "[oss-security] 20091124 Re: mysql-5.1.41",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/24/6"
},
{
"name": "USN-897-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-897-1"
},
{
"name": "SUSE-SR:2010:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[oss-security] 20091119 mysql-5.1.41",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/19/3"
},
{
"name": "[oss-security] 20091124 Re: mysql-5.1.41",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125908080222685&w=2"
},
{
"name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html",
"refsource": "CONFIRM",
"url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "[oss-security] 20091124 Re: mysql-5.1.41",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125908040022018&w=2"
},
{
"name": "oval:org.mitre.oval:def:11116",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11116"
},
{
"name": "RHSA-2010:0110",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0110.html"
},
{
"name": "SUSE-SR:2010:021",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00005.html"
},
{
"name": "http://bugs.mysql.com/bug.php?id=32167",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/bug.php?id=32167"
},
{
"name": "[commits] 20091110 bzr commit into mysql-5.0-bugteam branch (joro:2845) Bug#32167",
"refsource": "MLIST",
"url": "http://lists.mysql.com/commits/89940"
},
{
"name": "oval:org.mitre.oval:def:8156",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8156"
},
{
"name": "DSA-1997",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-1997"
}
]
}
}

140
2009/4xxx/CVE-2009-4085.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "60466",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/60466"
},
{
"name" : "37455",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37455"
},
{
"name" : "phptraverser-mp3id-file-include(54378)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54378"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in assets/plugins/mp3_id/mp3_id.php in PHP Traverser 0.8.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[BASE] parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phptraverser-mp3id-file-include(54378)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54378"
},
{
"name": "37455",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37455"
},
{
"name": "60466",
"refsource": "OSVDB",
"url": "http://osvdb.org/60466"
}
]
}
}

140
2009/4xxx/CVE-2009-4256.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10358",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10358"
},
{
"name" : "37626",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37626"
},
{
"name" : "alefmentor-cource-sql-injection(54624)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10358",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10358"
},
{
"name": "37626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37626"
},
{
"name": "alefmentor-cource-sql-injection(54624)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54624"
}
]
}
}

140
2009/4xxx/CVE-2009-4735.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4735",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4735",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9274",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9274"
},
{
"name" : "ADV-2009-2030",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2030"
},
{
"name" : "songsandclips-login-sql-injection(52013)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52013"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in login.php in Allomani Audio & Video Library (Songs & Clips version) 2.7.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "songsandclips-login-sql-injection(52013)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52013"
},
{
"name": "9274",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9274"
},
{
"name": "ADV-2009-2030",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2030"
}
]
}
}

190
2012/2xxx/CVE-2012-2658.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120529 CVE id request: Multiple buffer overflow in unixODBC",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/29/7"
},
{
"name" : "[oss-security] 20120529 Re: CVE id request: Multiple buffer overflow in unixODBC",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/29/10"
},
{
"name" : "[oss-security] 20120530 Re: CVE id request: Multiple buffer overflow in unixODBC",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/30/7"
},
{
"name" : "[oss-security] 20120531 Re: CVE id request: Multiple buffer overflow in unixODBC",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/31/2"
},
{
"name" : "[oss-security] 20120605 Re: CVE id request: Multiple buffer overflow in unixODBC",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/06/3"
},
{
"name" : "53712",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53712"
},
{
"name" : "82460",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/82460"
},
{
"name" : "unixodbc-sdc-bo(75940)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** DISPUTED ** Buffer overflow in the SQLDriverConnect function in unixODBC 2.3.1 allows local users to cause a denial of service (crash) via a long string in the DRIVER option. NOTE: this issue might not be a vulnerability, since the ability to set this option typically implies that the attacker already has legitimate access to cause a DoS or execute code, and therefore the issue would not cross privilege boundaries. There may be limited attack scenarios if isql command-line options are exposed to an attacker, although it seems likely that other, more serious issues would also be exposed, and this issue might not cross privilege boundaries in that context."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "82460",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82460"
},
{
"name": "unixodbc-sdc-bo(75940)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75940"
},
{
"name": "[oss-security] 20120605 Re: CVE id request: Multiple buffer overflow in unixODBC",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/06/3"
},
{
"name": "[oss-security] 20120530 Re: CVE id request: Multiple buffer overflow in unixODBC",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/30/7"
},
{
"name": "[oss-security] 20120531 Re: CVE id request: Multiple buffer overflow in unixODBC",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/31/2"
},
{
"name": "53712",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53712"
},
{
"name": "[oss-security] 20120529 Re: CVE id request: Multiple buffer overflow in unixODBC",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/29/10"
},
{
"name": "[oss-security] 20120529 CVE id request: Multiple buffer overflow in unixODBC",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/29/7"
}
]
}
}

270
2015/0xxx/CVE-2015-0252.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0252",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "36906",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/36906/"
},
{
"name" : "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html"
},
{
"name" : "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt",
"refsource" : "CONFIRM",
"url" : "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
},
{
"name" : "https://shibboleth.net/community/advisories/secadv_20150319.txt",
"refsource" : "CONFIRM",
"url" : "https://shibboleth.net/community/advisories/secadv_20150319.txt"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "DSA-3199",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3199"
},
{
"name" : "FEDORA-2015-4226",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html"
},
{
"name" : "FEDORA-2015-4272",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html"
},
{
"name" : "FEDORA-2015-4228",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html"
},
{
"name" : "FEDORA-2015-4251",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html"
},
{
"name" : "FEDORA-2015-4285",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html"
},
{
"name" : "FEDORA-2015-4321",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html"
},
{
"name" : "RHSA-2015:1193",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1193.html"
},
{
"name" : "openSUSE-SU-2016:0966",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html"
},
{
"name" : "73252",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73252"
},
{
"name" : "1032254",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3199",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3199"
},
{
"name": "73252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73252"
},
{
"name": "FEDORA-2015-4226",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152882.html"
},
{
"name": "FEDORA-2015-4228",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153887.html"
},
{
"name": "FEDORA-2015-4321",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153903.html"
},
{
"name": "openSUSE-SU-2016:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00012.html"
},
{
"name": "FEDORA-2015-4251",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153829.html"
},
{
"name": "RHSA-2015:1193",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1193.html"
},
{
"name": "FEDORA-2015-4272",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153094.html"
},
{
"name": "FEDORA-2015-4285",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153923.html"
},
{
"name": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/131756/Apache-Xerces-C-XML-Parser-Denial-Of-Service.html"
},
{
"name": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt",
"refsource": "CONFIRM",
"url": "http://xerces.apache.org/xerces-c/secadv/CVE-2015-0252.txt"
},
{
"name": "1032254",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032254"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "36906",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/36906/"
},
{
"name": "https://shibboleth.net/community/advisories/secadv_20150319.txt",
"refsource": "CONFIRM",
"url": "https://shibboleth.net/community/advisories/secadv_20150319.txt"
}
]
}
}

240
2015/0xxx/CVE-2015-0253.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0253",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0253",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://httpd.apache.org/security/vulnerabilities_24.html",
"refsource" : "CONFIRM",
"url" : "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name" : "http://www.apache.org/dist/httpd/CHANGES_2.4",
"refsource" : "CONFIRM",
"url" : "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"name" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531",
"refsource" : "CONFIRM",
"url" : "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
},
{
"name" : "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb",
"refsource" : "CONFIRM",
"url" : "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "https://support.apple.com/HT205219",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205219"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-16-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name" : "RHSA-2015:1666",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
},
{
"name" : "75964",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75964"
},
{
"name" : "1032967",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032967"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531",
"refsource": "CONFIRM",
"url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=57531"
},
{
"name": "http://httpd.apache.org/security/vulnerabilities_24.html",
"refsource": "CONFIRM",
"url": "http://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"name": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb",
"refsource": "CONFIRM",
"url": "https://github.com/apache/httpd/commit/6a974059190b8a0c7e499f4ab12fe108127099cb"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "http://www.apache.org/dist/httpd/CHANGES_2.4",
"refsource": "CONFIRM",
"url": "http://www.apache.org/dist/httpd/CHANGES_2.4"
},
{
"name": "RHSA-2015:1666",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1666.html"
},
{
"name": "1032967",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032967"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "75964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75964"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "APPLE-SA-2015-09-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name": "https://support.apple.com/HT205219",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205219"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

130
2015/0xxx/CVE-2015-0685.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0685",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0685",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150331 Cisco ASR1000 Series Routers Incomplete or Glean Adjacencies Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38124"
},
{
"name" : "1032004",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly handle route adjacencies, which allows remote attackers to cause a denial of service (device hang) via crafted IP packets, aka Bug ID CSCub31873."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150331 Cisco ASR1000 Series Routers Incomplete or Glean Adjacencies Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38124"
},
{
"name": "1032004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032004"
}
]
}
}

140
2015/0xxx/CVE-2015-0935.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0935",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2015-0935",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39958",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39958/"
},
{
"name" : "VU#978652",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/978652"
},
{
"name" : "74460",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74460"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bomgar Remote Support before 15.1.1 allows remote attackers to execute arbitrary PHP code via crafted serialized data to unspecified PHP scripts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#978652",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/978652"
},
{
"name": "74460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74460"
},
{
"name": "39958",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39958/"
}
]
}
}

34
2015/1xxx/CVE-2015-1037.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1037",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1037",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2015/1xxx/CVE-2015-1059.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1059",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1059",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35710",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35710"
},
{
"name" : "http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-Execution.html"
},
{
"name" : "http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.php",
"refsource" : "MISC",
"url" : "http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.php"
},
{
"name" : "116722",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/116722"
},
{
"name" : "adaptcms-appwebrootuploads-file-upload(99616)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99616"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload vulnerability in admin/files/add in AdaptCMS 3.0.3 allows remote authenticated users to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a direct request to the file in /app/webroot/uploads."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "116722",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/116722"
},
{
"name": "http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.php",
"refsource": "MISC",
"url": "http://zeroscience.mk/en/vulnerabilities/ZSL-2015-5220.php"
},
{
"name": "http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129814/AdaptCMS-3.0.3-Remote-Command-Execution.html"
},
{
"name": "adaptcms-appwebrootuploads-file-upload(99616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99616"
},
{
"name": "35710",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35710"
}
]
}
}

390
2015/1xxx/CVE-2015-1289.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1289",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=512110",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=512110"
},
{
"name" : "https://crbug.com/398235",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/398235"
},
{
"name" : "https://crbug.com/401995",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/401995"
},
{
"name" : "https://crbug.com/404462",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/404462"
},
{
"name" : "https://crbug.com/458024",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/458024"
},
{
"name" : "https://crbug.com/459898",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/459898"
},
{
"name" : "https://crbug.com/460938",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/460938"
},
{
"name" : "https://crbug.com/471990",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/471990"
},
{
"name" : "https://crbug.com/477713",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/477713"
},
{
"name" : "https://crbug.com/478575",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/478575"
},
{
"name" : "https://crbug.com/484432",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/484432"
},
{
"name" : "https://crbug.com/485855",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/485855"
},
{
"name" : "https://crbug.com/486004",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/486004"
},
{
"name" : "https://crbug.com/487286",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/487286"
},
{
"name" : "https://crbug.com/491216",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/491216"
},
{
"name" : "https://crbug.com/492448",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/492448"
},
{
"name" : "https://crbug.com/492981",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/492981"
},
{
"name" : "https://crbug.com/495682",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/495682"
},
{
"name" : "https://crbug.com/504692",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/504692"
},
{
"name" : "https://crbug.com/506749",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/506749"
},
{
"name" : "https://crbug.com/507821",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/507821"
},
{
"name" : "DSA-3315",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3315"
},
{
"name" : "GLSA-201603-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-09"
},
{
"name" : "RHSA-2015:1499",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name" : "openSUSE-SU-2015:1287",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name" : "75973",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75973"
},
{
"name" : "1033031",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033031"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Google Chrome before 44.0.2403.89 allow attackers to cause a denial of service or possibly have other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=512110",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=512110"
},
{
"name": "https://crbug.com/506749",
"refsource": "CONFIRM",
"url": "https://crbug.com/506749"
},
{
"name": "https://crbug.com/495682",
"refsource": "CONFIRM",
"url": "https://crbug.com/495682"
},
{
"name": "RHSA-2015:1499",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1499.html"
},
{
"name": "https://crbug.com/471990",
"refsource": "CONFIRM",
"url": "https://crbug.com/471990"
},
{
"name": "https://crbug.com/458024",
"refsource": "CONFIRM",
"url": "https://crbug.com/458024"
},
{
"name": "https://crbug.com/459898",
"refsource": "CONFIRM",
"url": "https://crbug.com/459898"
},
{
"name": "https://crbug.com/404462",
"refsource": "CONFIRM",
"url": "https://crbug.com/404462"
},
{
"name": "openSUSE-SU-2015:1287",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00038.html"
},
{
"name": "1033031",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033031"
},
{
"name": "https://crbug.com/477713",
"refsource": "CONFIRM",
"url": "https://crbug.com/477713"
},
{
"name": "https://crbug.com/487286",
"refsource": "CONFIRM",
"url": "https://crbug.com/487286"
},
{
"name": "https://crbug.com/484432",
"refsource": "CONFIRM",
"url": "https://crbug.com/484432"
},
{
"name": "https://crbug.com/485855",
"refsource": "CONFIRM",
"url": "https://crbug.com/485855"
},
{
"name": "https://crbug.com/486004",
"refsource": "CONFIRM",
"url": "https://crbug.com/486004"
},
{
"name": "https://crbug.com/398235",
"refsource": "CONFIRM",
"url": "https://crbug.com/398235"
},
{
"name": "https://crbug.com/507821",
"refsource": "CONFIRM",
"url": "https://crbug.com/507821"
},
{
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name": "https://crbug.com/504692",
"refsource": "CONFIRM",
"url": "https://crbug.com/504692"
},
{
"name": "https://crbug.com/491216",
"refsource": "CONFIRM",
"url": "https://crbug.com/491216"
},
{
"name": "https://crbug.com/478575",
"refsource": "CONFIRM",
"url": "https://crbug.com/478575"
},
{
"name": "75973",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75973"
},
{
"name": "https://crbug.com/401995",
"refsource": "CONFIRM",
"url": "https://crbug.com/401995"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html"
},
{
"name": "https://crbug.com/492981",
"refsource": "CONFIRM",
"url": "https://crbug.com/492981"
},
{
"name": "https://crbug.com/460938",
"refsource": "CONFIRM",
"url": "https://crbug.com/460938"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
},
{
"name": "https://crbug.com/492448",
"refsource": "CONFIRM",
"url": "https://crbug.com/492448"
}
]
}
}

160
2015/4xxx/CVE-2015-4414.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37274",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37274/"
},
{
"name" : "http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html"
},
{
"name" : "http://www.vapid.dhs.org/advisory.php?v=124",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisory.php?v=124"
},
{
"name" : "https://wpvulndb.com/vulnerabilities/8032",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8032"
},
{
"name" : "75093",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisory.php?v=124",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=124"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8032",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8032"
},
{
"name": "37274",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37274/"
},
{
"name": "http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132266/WordPress-SE-HTML5-Album-Audio-Player-1.1.0-Directory-Traversal.html"
},
{
"name": "75093",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75093"
}
]
}
}

180
2015/5xxx/CVE-2015-5118.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5118",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-4432."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
},
{
"name" : "GLSA-201507-13",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-13"
},
{
"name" : "RHSA-2015:1214",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1214.html"
},
{
"name" : "SUSE-SU-2015:1211",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html"
},
{
"name" : "SUSE-SU-2015:1214",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html"
},
{
"name" : "75592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75592"
},
{
"name" : "1032810",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032810"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-4432."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75592"
},
{
"name": "1032810",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032810"
},
{
"name": "SUSE-SU-2015:1211",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00017.html"
},
{
"name": "RHSA-2015:1214",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1214.html"
},
{
"name": "SUSE-SU-2015:1214",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00018.html"
},
{
"name": "GLSA-201507-13",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-13"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-16.html"
}
]
}
}

140
2015/5xxx/CVE-2015-5960.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5960",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5960",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-74.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-74.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111725",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111725"
},
{
"name" : "76254",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76254"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox OS before 2.2 allows physically proximate attackers to bypass the pass-code protection mechanism and access USB Mass Storage (UMS) media volumes by using the USB interface for a mount operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76254"
},
{
"name": "http://www.mozilla.org/security/announce/2015/mfsa2015-74.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2015/mfsa2015-74.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111725",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111725"
}
]
}
}

34
2018/3xxx/CVE-2018-3341.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3341",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3341",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/3xxx/CVE-2018-3621.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2018-3621",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Driver & Support Assistant",
"version" : {
"version_data" : [
{
"version_value" : "Versions before 3.6.0.4"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Driver & Support Assistant",
"version": {
"version_data": [
{
"version_value": "Versions before 3.6.0.4"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00187.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00187.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00187.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00187.html"
}
]
}
}

152
2018/6xxx/CVE-2018-6115.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6115",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "66.0.3359.117"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Inappropriate implementation"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "66.0.3359.117"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://crbug.com/819809",
"refsource" : "MISC",
"url" : "https://crbug.com/819809"
},
{
"name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
},
{
"name" : "GLSA-201804-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201804-22"
},
{
"name" : "103917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inappropriate setting of the SEE_MASK_FLAG_NO_UI flag in file downloads in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially bypass OS malware checks via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Inappropriate implementation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201804-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-22"
},
{
"name": "https://crbug.com/819809",
"refsource": "MISC",
"url": "https://crbug.com/819809"
},
{
"name": "103917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103917"
}
]
}
}

34
2018/6xxx/CVE-2018-6280.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6280",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6280",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/6xxx/CVE-2018-6366.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6366",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6366",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/7xxx/CVE-2018-7070.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"ID" : "CVE-2018-7070",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HPE CentralView Fraud Risk Management",
"version" : {
"version_data" : [
{
"version_value" : "earlier than version CV 6.1"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote disclosure of information"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7070",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE CentralView Fraud Risk Management",
"version": {
"version_data": [
{
"version_value": "earlier than version CV 6.1"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE has identified a remote disclosure of information vulnerability in HPE CentralView Fraud Risk Management earlier than version CV 6.1. This issue is resolved in HF16 for HPE CV 6.1 or subsequent version."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote disclosure of information"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03837en_us"
}
]
}
}

130
2018/7xxx/CVE-2018-7097.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"ID" : "CVE-2018-7097",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HPE 3PAR Service Processors",
"version" : {
"version_data" : [
{
"version_value" : "Prior to SP-4.4.0.GA-110(MU7)"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "cross-site request forgery"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7097",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE 3PAR Service Processors",
"version": {
"version_data": [
{
"version_value": "Prior to SP-4.4.0.GA-110(MU7)"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability was identified in 3PAR Service Processor (SP) prior to SP-4.4.0.GA-110(MU7). The vulnerability may be exploited remotely to allow cross-site request forgery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03884en_us"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03861en_us"
}
]
}
}

140
2018/7xxx/CVE-2018-7466.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44226",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44226/"
},
{
"name" : "44349",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44349/"
},
{
"name" : "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679",
"refsource" : "MISC",
"url" : "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "install/installNewDB.php in TestLink through 1.9.16 allows remote attackers to conduct injection attacks by leveraging control over DB LOGIN NAMES data during installation to provide a long, crafted value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44226",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44226/"
},
{
"name": "44349",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44349/"
},
{
"name": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679",
"refsource": "MISC",
"url": "https://github.com/TestLinkOpenSourceTRMS/testlink-code/commit/9696012eecbafb0aa21cc346234512c29b474679"
}
]
}
}

140
2018/7xxx/CVE-2018-7570.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7570",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7570",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22881",
"refsource" : "MISC",
"url" : "https://sourceware.org/bugzilla/show_bug.cgi?id=22881"
},
{
"name" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d",
"refsource" : "MISC",
"url" : "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d"
},
{
"name" : "GLSA-201811-17",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-17"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The assign_file_positions_for_non_load_sections function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an ELF file with a RELRO segment that lacks a matching LOAD segment, as demonstrated by objcopy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201811-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-17"
},
{
"name": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d",
"refsource": "MISC",
"url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d"
},
{
"name": "https://sourceware.org/bugzilla/show_bug.cgi?id=22881",
"refsource": "MISC",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=22881"
}
]
}
}

428
2018/8xxx/CVE-2018-8136.json
View File

@ -1,216 +1,216 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8136",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka \"Windows Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8136",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8136",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8136"
},
{
"name" : "104044",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104044"
},
{
"name" : "1040849",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040849"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka \"Windows Remote Code Execution Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040849"
},
{
"name": "104044",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104044"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8136",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8136"
}
]
}
}

216
2018/8xxx/CVE-2018-8506.json
View File

@ -1,110 +1,110 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8506",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "Version 1809 for 32-bit Systems"
},
{
"version_value" : "Version 1809 for x64-based Systems"
}
]
}
},
{
"product_name" : "Windows Server 2019",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka \"Microsoft Windows Codecs Library Information Disclosure Vulnerability.\" This affects Windows 10 Servers, Windows 10, Windows Server 2019."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506"
},
{
"name" : "105466",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105466"
},
{
"name" : "1041833",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041833"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Information Disclosure vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka \"Microsoft Windows Codecs Library Information Disclosure Vulnerability.\" This affects Windows 10 Servers, Windows 10, Windows Server 2019."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041833",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041833"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8506"
},
{
"name": "105466",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105466"
}
]
}
}