admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:50:29 +00:00
parent 87eaefe46f
commit 4b048f204d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4375 additions and 4375 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/0xxx/CVE-2002-0256.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020209 Arescom NetDSL-1000 telnetd DoS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101328827420630&w=2"
},
{
"name" : "4067",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4067"
},
{
"name" : "netdsl-telnet-dos(8123)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8123.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020209 Arescom NetDSL-1000 telnetd DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101328827420630&w=2"
},
{
"name": "4067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4067"
},
{
"name": "netdsl-telnet-dos(8123)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8123.php"
}
]
}
}

160
2002/0xxx/CVE-2002-0808.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html"
},
{
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=107718",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=107718"
},
{
"name" : "RHSA-2002:109",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-109.html"
},
{
"name" : "4964",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4964"
},
{
"name" : "bugzilla-masschange-change-groupset(9305)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9305.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4964"
},
{
"name": "20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html"
},
{
"name": "RHSA-2002:109",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-109.html"
},
{
"name": "bugzilla-masschange-change-groupset(9305)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9305.php"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=107718",
"refsource": "CONFIRM",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=107718"
}
]
}
}

140
2002/0xxx/CVE-2002-0934.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0934",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0934",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020610 AlienForm2 CGI script: arbitrary file read/write",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0068.html"
},
{
"name" : "4983",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4983"
},
{
"name" : "alienform2-directory-traversal(9325)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9325.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) allows remote attackers to read or modify arbitrary files via an illegal character in the middle of a .. (dot dot) sequence in the parameters (1) _browser_out or (2) _out_file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "alienform2-directory-traversal(9325)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9325.php"
},
{
"name": "4983",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4983"
},
{
"name": "20020610 AlienForm2 CGI script: arbitrary file read/write",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0068.html"
}
]
}
}

140
2002/2xxx/CVE-2002-2349.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2349",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021010 phpBBmod contains an open phpinfo",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/294701"
},
{
"name" : "5942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5942"
},
{
"name" : "phpbbmod-phpinfo-information-disclosure(10335)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10335.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which allows remote attackers to obtain sensitive environment information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpbbmod-phpinfo-information-disclosure(10335)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10335.php"
},
{
"name": "20021010 phpBBmod contains an open phpinfo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/294701"
},
{
"name": "5942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5942"
}
]
}
}

160
2005/0xxx/CVE-2005-0061.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0061",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS05-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-018"
},
{
"name" : "oval:org.mitre.oval:def:1656",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1656"
},
{
"name" : "oval:org.mitre.oval:def:1761",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1761"
},
{
"name" : "oval:org.mitre.oval:def:3994",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3994"
},
{
"name" : "oval:org.mitre.oval:def:4593",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:4593",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4593"
},
{
"name": "oval:org.mitre.oval:def:3994",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3994"
},
{
"name": "oval:org.mitre.oval:def:1761",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1761"
},
{
"name": "MS05-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-018"
},
{
"name": "oval:org.mitre.oval:def:1656",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1656"
}
]
}
}

220
2005/0xxx/CVE-2005-0096.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0096",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name" : "CLA-2005:923",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923"
},
{
"name" : "FLSA-2006:152809",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name" : "GLSA-200501-25",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name" : "RHSA-2005:060",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-060.html"
},
{
"name" : "RHSA-2005:061",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name" : "SUSE-SA:2005:006",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name" : "2005-0003",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2005/0003/"
},
{
"name" : "12324",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12324"
},
{
"name" : "oval:org.mitre.oval:def:10233",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name" : "1012818",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012818"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLA-2005:923",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth"
},
{
"name": "12324",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12324"
},
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "1012818",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012818"
},
{
"name": "GLSA-200501-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200501-25.xml"
},
{
"name": "oval:org.mitre.oval:def:10233",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10233"
},
{
"name": "RHSA-2005:061",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-061.html"
},
{
"name": "SUSE-SA:2005:006",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_06_squid.html"
},
{
"name": "RHSA-2005:060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-060.html"
}
]
}
}

160
2005/1xxx/CVE-2005-1200.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050420 Multiple Security Issues Found In AZBB",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111401838521857&w=2"
},
{
"name" : "http://azbb.cyaccess.com/azbb.php?1091778548",
"refsource" : "CONFIRM",
"url" : "http://azbb.cyaccess.com/azbb.php?1091778548"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00068-04192005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00068-04192005"
},
{
"name" : "15013",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15013"
},
{
"name" : "az-bulletin-board-file-include(20181)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20181"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gulftech.org/?node=research&article_id=00068-04192005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00068-04192005"
},
{
"name": "http://azbb.cyaccess.com/azbb.php?1091778548",
"refsource": "CONFIRM",
"url": "http://azbb.cyaccess.com/azbb.php?1091778548"
},
{
"name": "15013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15013"
},
{
"name": "20050420 Multiple Security Issues Found In AZBB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111401838521857&w=2"
},
{
"name": "az-bulletin-board-file-include(20181)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20181"
}
]
}
}

170
2005/1xxx/CVE-2005-1483.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050503 Authentication bypass, sql injections and xss in ArticleLive 2005",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111530871724865&w=2"
},
{
"name" : "13493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13493"
},
{
"name" : "16183",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16183"
},
{
"name" : "1013895",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013895"
},
{
"name" : "15250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15250"
},
{
"name" : "articlelive-multiple-xss(20430)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20430"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050503 Authentication bypass, sql injections and xss in ArticleLive 2005",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111530871724865&w=2"
},
{
"name": "13493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13493"
},
{
"name": "15250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15250"
},
{
"name": "articlelive-multiple-xss(20430)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20430"
},
{
"name": "16183",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16183"
},
{
"name": "1013895",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013895"
}
]
}
}

160
2005/1xxx/CVE-2005-1523.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1523",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1523",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050525 GNU Mailutils 0.6 imap4d Format String Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities"
},
{
"name" : "DSA-732",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-732"
},
{
"name" : "13764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13764"
},
{
"name" : "1014052",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014052"
},
{
"name" : "15442",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15442"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in imap4d server in GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via format string specifiers in the command tag for IMAP commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014052",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014052"
},
{
"name": "20050525 GNU Mailutils 0.6 imap4d Format String Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=246&type=vulnerabilities"
},
{
"name": "15442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15442"
},
{
"name": "DSA-732",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-732"
},
{
"name": "13764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13764"
}
]
}
}

120
2005/1xxx/CVE-2005-1567.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1567",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111592417803514&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050512 Directtopics Multiple Vulnerabilities (Security Advisory)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111592417803514&w=2"
}
]
}
}

120
2005/1xxx/CVE-2005-1582.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1582",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1582",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1013960",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013960"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013960",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013960"
}
]
}
}

140
2005/1xxx/CVE-2005-1868.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1868",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=331422",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=331422"
},
{
"name" : "15558",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15558/"
},
{
"name" : "iman-file-upload(20857)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "iman-file-upload(20857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20857"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=331422",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=331422"
},
{
"name": "15558",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15558/"
}
]
}
}

150
2005/1xxx/CVE-2005-1950.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1950",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1950",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050609 Webhints v1.03 Remote Command Execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111842893001406&w=2"
},
{
"name" : "13930",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13930"
},
{
"name" : "1014173",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014173"
},
{
"name" : "15652",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15652"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15652",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15652"
},
{
"name": "13930",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13930"
},
{
"name": "20050609 Webhints v1.03 Remote Command Execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111842893001406&w=2"
},
{
"name": "1014173",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014173"
}
]
}
}

170
2009/0xxx/CVE-2009-0014.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0014",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3438",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3438"
},
{
"name" : "APPLE-SA-2009-02-12",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name" : "33759",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33759"
},
{
"name" : "33820",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33820"
},
{
"name" : "ADV-2009-0422",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name" : "33937",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33937"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Folder Manager in Apple Mac OS X 10.5.6 uses insecure default permissions when recreating a Downloads folder after it has been deleted, which allows local users to bypass intended access restrictions and read the Downloads folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33820"
},
{
"name": "33937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33937"
},
{
"name": "33759",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33759"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "ADV-2009-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0422"
}
]
}
}

130
2009/0xxx/CVE-2009-0623.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0623",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-0623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name" : "33900",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33900"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers before A2(1.3) and Cisco ACE 4710 Application Control Engine Appliance before A3(2.1) allows remote attackers to cause a denial of service (device reload) via a crafted SSH packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090225 Multiple Vulnerabilities in the Cisco ACE Application Control Engine Module and Cisco ACE 4710 Application Control Engine",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a7bc82.shtml"
},
{
"name": "33900",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33900"
}
]
}
}

180
2009/0xxx/CVE-2009-0636.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-0636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml"
},
{
"name" : "20090325 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c0.shtml"
},
{
"name" : "34243",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34243"
},
{
"name" : "1021902",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1021902"
},
{
"name" : "34438",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34438"
},
{
"name" : "ADV-2009-0851",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0851"
},
{
"name" : "ios-sip-dos(49421)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49421"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090325 Cisco IOS Software Session Initiation Protocol Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a904c0.shtml"
},
{
"name": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080a90469.shtml"
},
{
"name": "34243",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34243"
},
{
"name": "34438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34438"
},
{
"name": "ios-sip-dos(49421)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49421"
},
{
"name": "1021902",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1021902"
},
{
"name": "ADV-2009-0851",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0851"
}
]
}
}

520
2009/0xxx/CVE-2009-0723.json
View File

@ -1,262 +1,262 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0723",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0723",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090320 [oCERT-2009-003] LittleCMS integer errors",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name" : "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"name" : "http://scary.beasts.org/security/CESA-2009-003.html",
"refsource" : "MISC",
"url" : "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name" : "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html",
"refsource" : "MISC",
"url" : "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name" : "http://www.ocert.org/advisories/ocert-2009-003.html",
"refsource" : "MISC",
"url" : "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487508",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"name" : "DSA-1745",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1745"
},
{
"name" : "DSA-1769",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1769"
},
{
"name" : "FEDORA-2009-2903",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"name" : "FEDORA-2009-2910",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name" : "FEDORA-2009-2928",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name" : "FEDORA-2009-2970",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name" : "FEDORA-2009-2982",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name" : "FEDORA-2009-2983",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
},
{
"name" : "FEDORA-2009-3034",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name" : "GLSA-200904-19",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name" : "MDVSA-2009:121",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name" : "MDVSA-2009:137",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name" : "MDVSA-2009:162",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name" : "RHSA-2009:0339",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"name" : "RHSA-2009:0377",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name" : "SSA:2009-083-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438"
},
{
"name" : "SUSE-SR:2009:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name" : "USN-744-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name" : "34185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34185"
},
{
"name" : "oval:org.mitre.oval:def:11780",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780"
},
{
"name" : "1021869",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021869"
},
{
"name" : "34367",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34367"
},
{
"name" : "34382",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34382"
},
{
"name" : "34400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34400"
},
{
"name" : "34418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34418"
},
{
"name" : "34442",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34442"
},
{
"name" : "34450",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34450"
},
{
"name" : "34454",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34454"
},
{
"name" : "34463",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34463"
},
{
"name" : "34408",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34408"
},
{
"name" : "34675",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34675"
},
{
"name" : "34632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34632"
},
{
"name" : "34782",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34782"
},
{
"name" : "ADV-2009-0775",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name" : "littlecms-unspecified-bo(49326)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49326"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-2970",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
},
{
"name": "MDVSA-2009:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34632"
},
{
"name": "34450",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34450"
},
{
"name": "1021869",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021869"
},
{
"name": "FEDORA-2009-2928",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
},
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "USN-744-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-744-1"
},
{
"name": "DSA-1745",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1745"
},
{
"name": "34675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34675"
},
{
"name": "34454",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34454"
},
{
"name": "34442",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34442"
},
{
"name": "FEDORA-2009-2982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
},
{
"name": "FEDORA-2009-3034",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
},
{
"name": "FEDORA-2009-2903",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
},
{
"name": "http://scary.beasts.org/security/CESA-2009-003.html",
"refsource": "MISC",
"url": "http://scary.beasts.org/security/CESA-2009-003.html"
},
{
"name": "34382",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34382"
},
{
"name": "SSA:2009-083-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438"
},
{
"name": "littlecms-unspecified-bo(49326)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49326"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=487508",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487508"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
},
{
"name": "RHSA-2009:0377",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "http://www.ocert.org/advisories/ocert-2009-003.html",
"refsource": "MISC",
"url": "http://www.ocert.org/advisories/ocert-2009-003.html"
},
{
"name": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html",
"refsource": "MISC",
"url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
},
{
"name": "34782",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34782"
},
{
"name": "34367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34367"
},
{
"name": "MDVSA-2009:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "RHSA-2009:0339",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
},
{
"name": "ADV-2009-0775",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0775"
},
{
"name": "34463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34463"
},
{
"name": "34408",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34408"
},
{
"name": "DSA-1769",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "34400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34400"
},
{
"name": "oval:org.mitre.oval:def:11780",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11780"
},
{
"name": "MDVSA-2009:121",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
},
{
"name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
},
{
"name": "FEDORA-2009-2910",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
},
{
"name": "34185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
]
}
}

170
2009/0xxx/CVE-2009-0961.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0961",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0961",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3639",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3639"
},
{
"name" : "APPLE-SA-2009-06-17-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name" : "35414",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35414"
},
{
"name" : "55238",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55238"
},
{
"name" : "ADV-2009-1621",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name" : "iphone-ipod-mail-security-bypass(51210)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51210"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT3639",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3639"
},
{
"name": "ADV-2009-1621",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1621"
},
{
"name": "55238",
"refsource": "OSVDB",
"url": "http://osvdb.org/55238"
},
{
"name": "35414",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35414"
},
{
"name": "APPLE-SA-2009-06-17-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
},
{
"name": "iphone-ipod-mail-security-bypass(51210)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51210"
}
]
}
}

170
2009/1xxx/CVE-2009-1049.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8243",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8243"
},
{
"name" : "8244",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8244"
},
{
"name" : "34187",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34187"
},
{
"name" : "52839",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52839"
},
{
"name" : "34395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34395"
},
{
"name" : "bloginator-articlecall-sql-injection(49325)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49325"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in articleCall.php in Bloginator 1A allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8244",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8244"
},
{
"name": "34395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34395"
},
{
"name": "bloginator-articlecall-sql-injection(49325)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49325"
},
{
"name": "34187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34187"
},
{
"name": "8243",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8243"
},
{
"name": "52839",
"refsource": "OSVDB",
"url": "http://osvdb.org/52839"
}
]
}
}

210
2009/1xxx/CVE-2009-1131.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1131",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka \"Data Out of Bounds Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090512 Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503451"
},
{
"name" : "http://secunia.com/secunia_research/2008-46/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2008-46/"
},
{
"name" : "MS09-017",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
},
{
"name" : "TA09-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
},
{
"name" : "34841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34841"
},
{
"name" : "54393",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54393"
},
{
"name" : "oval:org.mitre.oval:def:5351",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5351"
},
{
"name" : "1022205",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022205"
},
{
"name" : "32428",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32428"
},
{
"name" : "ADV-2009-1290",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka \"Data Out of Bounds Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32428"
},
{
"name": "ADV-2009-1290",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1290"
},
{
"name": "MS09-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017"
},
{
"name": "oval:org.mitre.oval:def:5351",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5351"
},
{
"name": "1022205",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022205"
},
{
"name": "http://secunia.com/secunia_research/2008-46/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-46/"
},
{
"name": "TA09-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-132A.html"
},
{
"name": "54393",
"refsource": "OSVDB",
"url": "http://osvdb.org/54393"
},
{
"name": "20090512 Secunia Research: Microsoft PowerPoint Atom Parsing Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503451"
},
{
"name": "34841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34841"
}
]
}
}

150
2009/1xxx/CVE-2009-1239.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21381257",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21381257"
},
{
"name" : "JR31886",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886"
},
{
"name" : "ADV-2009-0912",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0912"
},
{
"name" : "db2-predicate-information-disclosure(49864)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM DB2 9.1 before FP7 returns incorrect query results in certain situations related to the order of application of an INNER JOIN predicate and an OUTER JOIN predicate, which might allow attackers to obtain sensitive information via a crafted query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "db2-predicate-information-disclosure(49864)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49864"
},
{
"name": "JR31886",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR31886"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381257"
},
{
"name": "ADV-2009-0912",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0912"
}
]
}
}

390
2009/1xxx/CVE-2009-1308.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1308",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1308",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/",
"refsource" : "MISC",
"url" : "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/"
},
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=481558",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=481558"
},
{
"name" : "DSA-1797",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1797"
},
{
"name" : "FEDORA-2009-3875",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
},
{
"name" : "MDVSA-2009:111",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
},
{
"name" : "MDVSA-2009:141",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
},
{
"name" : "RHSA-2009:0436",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
},
{
"name" : "RHSA-2009:1126",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
},
{
"name" : "264308",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "USN-764-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/764-1/"
},
{
"name" : "USN-782-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-782-1"
},
{
"name" : "34656",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34656"
},
{
"name" : "oval:org.mitre.oval:def:10428",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428"
},
{
"name" : "oval:org.mitre.oval:def:6173",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173"
},
{
"name" : "oval:org.mitre.oval:def:6185",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185"
},
{
"name" : "oval:org.mitre.oval:def:6296",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296"
},
{
"name" : "oval:org.mitre.oval:def:7285",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285"
},
{
"name" : "1022097",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022097"
},
{
"name" : "34758",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34758"
},
{
"name" : "34894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34894"
},
{
"name" : "34843",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34843"
},
{
"name" : "34780",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34780"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
},
{
"name" : "35042",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35042"
},
{
"name" : "35536",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35536"
},
{
"name" : "ADV-2009-1125",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey allows remote attackers to inject arbitrary web script or HTML via vectors involving XBL JavaScript bindings and remote stylesheets, as exploited in the wild by a March 2009 eBay listing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2009:111",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:111"
},
{
"name": "FEDORA-2009-3875",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00683.html"
},
{
"name": "34894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34894"
},
{
"name": "ADV-2009-1125",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1125"
},
{
"name": "34758",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34758"
},
{
"name": "35536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35536"
},
{
"name": "oval:org.mitre.oval:def:6185",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6185"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=481558"
},
{
"name": "oval:org.mitre.oval:def:7285",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7285"
},
{
"name": "USN-782-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-782-1"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "oval:org.mitre.oval:def:6173",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6173"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-18.html"
},
{
"name": "oval:org.mitre.oval:def:10428",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10428"
},
{
"name": "USN-764-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/764-1/"
},
{
"name": "MDVSA-2009:141",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35042",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35042"
},
{
"name": "34656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34656"
},
{
"name": "34843",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34843"
},
{
"name": "DSA-1797",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1797"
},
{
"name": "RHSA-2009:0436",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0436.html"
},
{
"name": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2009/03/08/ebay_scam_wizardy/"
},
{
"name": "oval:org.mitre.oval:def:6296",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6296"
},
{
"name": "RHSA-2009:1126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
},
{
"name": "34780",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34780"
},
{
"name": "264308",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-264308-1"
},
{
"name": "1022097",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022097"
}
]
}
}

220
2009/1xxx/CVE-2009-1707.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3613",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3613"
},
{
"name" : "http://support.apple.com/kb/HT4456",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4456"
},
{
"name" : "APPLE-SA-2009-06-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name" : "APPLE-SA-2010-11-22-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name" : "35260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35260"
},
{
"name" : "35352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35352"
},
{
"name" : "55012",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55012"
},
{
"name" : "35379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35379"
},
{
"name" : "42314",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42314"
},
{
"name" : "ADV-2009-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name" : "ADV-2010-3046",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3046"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the Reset Safari implementation in Apple Safari before 4.0 on Windows might allow local users to read stored web-site passwords via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "ADV-2010-3046",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3046"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "35352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35352"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "42314",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42314"
},
{
"name": "http://support.apple.com/kb/HT4456",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4456"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "APPLE-SA-2010-11-22-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html"
},
{
"name": "55012",
"refsource": "OSVDB",
"url": "http://osvdb.org/55012"
}
]
}
}

140
2009/4xxx/CVE-2009-4046.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php",
"refsource" : "CONFIRM",
"url" : "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name" : "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"name" : "ADV-2009-3223",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3223"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) bank_accounts.php, (2) currencies.php, (3) exchange_rates.php, (4) gl_account_types.php, and (5) gl_accounts.php in gl/manage/; and (6) audit_trail_db.inc, (7) comments_db.inc, (8) inventory_db.inc, (9) manufacturing_db.inc, and (10) references_db.inc in includes/db/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/projects/frontaccounting/files/FrontAccounting-2/2.2%20RC/frontaccount-2.2RC.tar.gz/download"
},
{
"name": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php",
"refsource": "CONFIRM",
"url": "http://frontaccounting.net/wb3/pages/posts/release-2.2-rc104.php"
},
{
"name": "ADV-2009-3223",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3223"
}
]
}
}

160
2012/2xxx/CVE-2012-2025.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-2025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-10.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-10.html"
},
{
"name" : "53422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53422"
},
{
"name" : "81757",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81757"
},
{
"name" : "1027047",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027047"
},
{
"name" : "adobe-illustrator-code-execution(75448)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75448"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-2012-2023, CVE-2012-2024, and CVE-2012-2026."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-10.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-10.html"
},
{
"name": "81757",
"refsource": "OSVDB",
"url": "http://osvdb.org/81757"
},
{
"name": "53422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53422"
},
{
"name": "adobe-illustrator-code-execution(75448)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75448"
},
{
"name": "1027047",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027047"
}
]
}
}

130
2012/3xxx/CVE-2012-3012.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a buffer, as demonstrated by a port scan."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-3012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-01.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-01.pdf"
},
{
"name" : "http://www.arbiter.com/news/index.php?id=261",
"refsource" : "CONFIRM",
"url" : "http://www.arbiter.com/news/index.php?id=261"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 Rev 421 allows remote attackers to cause a denial of service (Ethernet outage) via unspecified Ethernet traffic that fills a buffer, as demonstrated by a port scan."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-01.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-249-01.pdf"
},
{
"name": "http://www.arbiter.com/news/index.php?id=261",
"refsource": "CONFIRM",
"url": "http://www.arbiter.com/news/index.php?id=261"
}
]
}
}

200
2012/3xxx/CVE-2012-3375.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3375",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3375",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120704 Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/07/04/2"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13d518074a952d33d47c428419693f63389547e9",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13d518074a952d33d47c428419693f63389547e9"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=837502",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=837502"
},
{
"name" : "https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9"
},
{
"name" : "https://downloads.avaya.com/css/P8/documents/100165733",
"refsource" : "CONFIRM",
"url" : "https://downloads.avaya.com/css/P8/documents/100165733"
},
{
"name" : "USN-1529-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1529-1"
},
{
"name" : "1027237",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027237"
},
{
"name" : "51164",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://downloads.avaya.com/css/P8/documents/100165733",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/100165733"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24"
},
{
"name": "1027237",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027237"
},
{
"name": "https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9"
},
{
"name": "51164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51164"
},
{
"name": "[oss-security] 20120704 Re: CVE Request -- kernel: epoll: can leak file descriptors when returning -ELOOP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/04/2"
},
{
"name": "USN-1529-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1529-1"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13d518074a952d33d47c428419693f63389547e9",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13d518074a952d33d47c428419693f63389547e9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=837502",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=837502"
}
]
}
}

140
2012/3xxx/CVE-2012-3473.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3473",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3473",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name" : "https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4",
"refsource" : "CONFIRM",
"url" : "https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4"
},
{
"name" : "https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad",
"refsource" : "CONFIRM",
"url" : "https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) reports API and (2) administration feature in the comments API in the Ushahidi Platform before 2.5 do not require authentication, which allows remote attackers to generate reports and organize comments via API functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/13ca6f4"
},
{
"name": "[oss-security] 20120809 Re: CVE request for Ushahidi",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/08/09/5"
},
{
"name": "https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad",
"refsource": "CONFIRM",
"url": "https://github.com/ushahidi/Ushahidi_Web/commit/f67f4ad"
}
]
}
}

190
2012/3xxx/CVE-2012-3692.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5502",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5502"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name" : "55534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55534"
},
{
"name" : "85380",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85380"
},
{
"name" : "oval:org.mitre.oval:def:17463",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17463"
},
{
"name" : "apple-itunes-webkit-cve20123692(78521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name": "oval:org.mitre.oval:def:17463",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17463"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "85380",
"refsource": "OSVDB",
"url": "http://osvdb.org/85380"
},
{
"name": "55534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55534"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "apple-itunes-webkit-cve20123692(78521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78521"
}
]
}
}

34
2012/3xxx/CVE-2012-3813.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3813",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3813",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/3xxx/CVE-2012-3888.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120712 security advisory: AirDroid 1.0.4 beta",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html"
},
{
"name" : "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt",
"refsource" : "MISC",
"url" : "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The login implementation in AirDroid 1.0.4 beta allows remote attackers to bypass a multiple-login protection mechanism by modifying a pass value within JSON data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120712 security advisory: AirDroid 1.0.4 beta",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0087.html"
},
{
"name": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt",
"refsource": "MISC",
"url": "http://www.tele-consulting.com/advisories/TC-SA-2012-02.txt"
}
]
}
}

230
2012/4xxx/CVE-2012-4456.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4456",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4456",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openstack] 20120928 [OSSA 2012-015] Some actions in Keystone admin API do not validate token (CVE-2012-4456)",
"refsource" : "MLIST",
"url" : "https://lists.launchpad.net/openstack/msg17034.html"
},
{
"name" : "[oss-security] 20120928 [OSSA 2012-015] Some actions in Keystone admin API do not validate token (CVE-2012-4456)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/28/5"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=861179",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=861179"
},
{
"name" : "https://bugs.launchpad.net/keystone/+bug/1006815",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/keystone/+bug/1006815"
},
{
"name" : "https://bugs.launchpad.net/keystone/+bug/1006822",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/keystone/+bug/1006822"
},
{
"name" : "https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1",
"refsource" : "CONFIRM",
"url" : "https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1"
},
{
"name" : "https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb",
"refsource" : "CONFIRM",
"url" : "https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb"
},
{
"name" : "https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431",
"refsource" : "CONFIRM",
"url" : "https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431"
},
{
"name" : "https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb",
"refsource" : "CONFIRM",
"url" : "https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb"
},
{
"name" : "55716",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55716"
},
{
"name" : "50665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50665"
},
{
"name" : "keystone-xauth-sec-bypass(78944)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78944"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the roles for an arbitrary user or get, create, or delete arbitrary services."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120928 [OSSA 2012-015] Some actions in Keystone admin API do not validate token (CVE-2012-4456)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/28/5"
},
{
"name": "50665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50665"
},
{
"name": "[openstack] 20120928 [OSSA 2012-015] Some actions in Keystone admin API do not validate token (CVE-2012-4456)",
"refsource": "MLIST",
"url": "https://lists.launchpad.net/openstack/msg17034.html"
},
{
"name": "https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/24df3adb3f50cbb5ada411bc67aba8a781e6a431"
},
{
"name": "https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/14b136aed9d988f5a8f3e699bd4577c9b874d6c1"
},
{
"name": "https://bugs.launchpad.net/keystone/+bug/1006822",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/keystone/+bug/1006822"
},
{
"name": "55716",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55716"
},
{
"name": "https://bugs.launchpad.net/keystone/+bug/1006815",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/keystone/+bug/1006815"
},
{
"name": "https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/868054992faa45d6f42d822bf1588cb88d7c9ccb"
},
{
"name": "keystone-xauth-sec-bypass(78944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78944"
},
{
"name": "https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/keystone/commit/1d146f5c32e58a73a677d308370f147a3271c2cb"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=861179",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=861179"
}
]
}
}

160
2012/4xxx/CVE-2012-4518.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121011 CVE Request -- librdmacm (one issue) / ibacm (two issues)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/11/6"
},
{
"name" : "[oss-security] 20121011 Re: CVE Request -- librdmacm (one issue) / ibacm (two issues)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/11/9"
},
{
"name" : "http://git.openfabrics.org/git?p=~shefty/ibacm.git;a=commit;h=d204fca2b6298d7799e918141ea8e11e7ad43cec",
"refsource" : "CONFIRM",
"url" : "http://git.openfabrics.org/git?p=~shefty/ibacm.git;a=commit;h=d204fca2b6298d7799e918141ea8e11e7ad43cec"
},
{
"name" : "RHSA-2013:0509",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0509.html"
},
{
"name" : "55890",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55890"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:0509",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0509.html"
},
{
"name": "[oss-security] 20121011 CVE Request -- librdmacm (one issue) / ibacm (two issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/6"
},
{
"name": "http://git.openfabrics.org/git?p=~shefty/ibacm.git;a=commit;h=d204fca2b6298d7799e918141ea8e11e7ad43cec",
"refsource": "CONFIRM",
"url": "http://git.openfabrics.org/git?p=~shefty/ibacm.git;a=commit;h=d204fca2b6298d7799e918141ea8e11e7ad43cec"
},
{
"name": "[oss-security] 20121011 Re: CVE Request -- librdmacm (one issue) / ibacm (two issues)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/11/9"
},
{
"name": "55890",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55890"
}
]
}
}

170
2012/6xxx/CVE-2012-6119.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=908613",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=908613"
},
{
"name" : "https://github.com/candlepin/candlepin/blob/master/candlepin.spec",
"refsource" : "CONFIRM",
"url" : "https://github.com/candlepin/candlepin/blob/master/candlepin.spec"
},
{
"name" : "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c",
"refsource" : "CONFIRM",
"url" : "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c"
},
{
"name" : "RHSA-2013:0686",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
},
{
"name" : "91719",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/91719"
},
{
"name" : "52774",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/52774"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52774",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/52774"
},
{
"name": "91719",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/91719"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=908613",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=908613"
},
{
"name": "https://github.com/candlepin/candlepin/blob/master/candlepin.spec",
"refsource": "CONFIRM",
"url": "https://github.com/candlepin/candlepin/blob/master/candlepin.spec"
},
{
"name": "RHSA-2013:0686",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0686.html"
},
{
"name": "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c",
"refsource": "CONFIRM",
"url": "https://github.com/candlepin/candlepin/commit/f4d93230e58b969c506b4c9778e04482a059b08c"
}
]
}
}

120
2012/6xxx/CVE-2012-6438.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-6438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf",
"refsource" : "MISC",
"url" : "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allows remote attackers to cause a denial of service (NIC crash and communication outage) via a malformed CIP packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf",
"refsource": "MISC",
"url": "http://www.us-cert.gov/control_systems/pdf/ICSA-13-011-03.pdf"
}
]
}
}

150
2012/6xxx/CVE-2012-6514.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html",
"refsource" : "MISC",
"url" : "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html"
},
{
"name" : "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html"
},
{
"name" : "53275",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53275"
},
{
"name" : "49004",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income action to administrator/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53275",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53275"
},
{
"name": "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html",
"refsource": "MISC",
"url": "http://hauntit.blogspot.com/2012/04/en-nbill-lite-joomla-component-html.html"
},
{
"name": "49004",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49004"
},
{
"name": "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112235/Joomla-nBill-Lite-Cross-Site-Scripting.html"
}
]
}
}

140
2015/5xxx/CVE-2015-5086.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5086",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5085."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"name" : "75737",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75737"
},
{
"name" : "1032892",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032892"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allow attackers to bypass JavaScript API execution restrictions via unspecified vectors, a different vulnerability than CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, and CVE-2015-5085."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032892"
},
{
"name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
},
{
"name": "75737",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75737"
}
]
}
}

140
2017/2xxx/CVE-2017-2124.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "OneThird CMS",
"version" : {
"version_data" : [
{
"version_value" : "v1.73 Heaven's Door and earlier"
}
]
}
}
]
},
"vendor_name" : "SpiQe Software"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "OneThird CMS",
"version": {
"version_data": [
{
"version_value": "v1.73 Heaven's Door and earlier"
}
]
}
}
]
},
"vendor_name": "SpiQe Software"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://onethird.net/en/p1277.html",
"refsource" : "MISC",
"url" : "https://onethird.net/en/p1277.html"
},
{
"name" : "JVN#13003724",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN13003724/index.html"
},
{
"name" : "98604",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door and earlier allows remote attackers to inject arbitrary web script or HTML via contact.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://onethird.net/en/p1277.html",
"refsource": "MISC",
"url": "https://onethird.net/en/p1277.html"
},
{
"name": "98604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98604"
},
{
"name": "JVN#13003724",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN13003724/index.html"
}
]
}
}

170
2017/2xxx/CVE-2017-2168.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "WP Booking System Free version",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 1.4"
}
]
}
},
{
"product_name" : "WP Booking System Premium version",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 3.7"
}
]
}
}
]
},
"vendor_name" : "WP Booking System"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WP Booking System Free version",
"version": {
"version_data": [
{
"version_value": "prior to version 1.4"
}
]
}
},
{
"product_name": "WP Booking System Premium version",
"version": {
"version_data": [
{
"version_value": "prior to version 3.7"
}
]
}
}
]
},
"vendor_name": "WP Booking System"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wpvulndb.com/vulnerabilities/8830",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8830"
},
{
"name" : "https://wordpress.org/plugins/wp-booking-system/#developers",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/plugins/wp-booking-system/#developers"
},
{
"name" : "JVN#96165722",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN96165722/index.html"
},
{
"name" : "JVNDB-2017-000092",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000092"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in WP Booking System Free version prior to version 1.4 and WP Booking System Premium version prior to version 3.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#96165722",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN96165722/index.html"
},
{
"name": "https://wpvulndb.com/vulnerabilities/8830",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8830"
},
{
"name": "JVNDB-2017-000092",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000092"
},
{
"name": "https://wordpress.org/plugins/wp-booking-system/#developers",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/wp-booking-system/#developers"
}
]
}
}

160
2017/2xxx/CVE-2017-2419.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2419",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2419",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207600",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207600"
},
{
"name" : "https://support.apple.com/HT207617",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207617"
},
{
"name" : "GLSA-201706-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-15"
},
{
"name" : "97129",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97129"
},
{
"name" : "1038137",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038137"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the \"WebKit\" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97129"
},
{
"name": "1038137",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038137"
},
{
"name": "GLSA-201706-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-15"
},
{
"name": "https://support.apple.com/HT207600",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207600"
},
{
"name": "https://support.apple.com/HT207617",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207617"
}
]
}
}

140
2017/2xxx/CVE-2017-2509.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2509",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2509",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "42046",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/42046/"
},
{
"name" : "https://support.apple.com/HT207797",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207797"
},
{
"name" : "1038484",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"Kernel\" component. It allows attackers to bypass intended memory-read restrictions via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "42046",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/42046/"
},
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
}

132
2017/2xxx/CVE-2017-2649.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert@redhat.com",
"DATE_PUBLIC" : "2017-03-20T00:00:00",
"ID" : "CVE-2017-2649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Active Directory Jenkins plugin",
"version" : {
"version_data" : [
{
"version_value" : "<= 2.2"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-295"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"DATE_PUBLIC": "2017-03-20T00:00:00",
"ID": "CVE-2017-2649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Active Directory Jenkins plugin",
"version": {
"version_data": [
{
"version_value": "<= 2.2"
}
]
}
}
]
},
"vendor_name": "Jenkins project"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2017-03-20/",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2017-03-20/"
},
{
"name" : "96986",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/96986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that the Active Directory Plugin for Jenkins up to and including version 2.2 did not verify certificates of the Active Directory server, thereby enabling Man-in-the-Middle attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-295"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "96986",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96986"
},
{
"name": "https://jenkins.io/security/advisory/2017-03-20/",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2017-03-20/"
}
]
}
}

132
2017/6xxx/CVE-2017-6272.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@nvidia.com",
"DATE_PUBLIC" : "2017-09-21T00:00:00",
"ID" : "CVE-2017-6272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "GPU Display Driver",
"version" : {
"version_data" : [
{
"version_value" : "All"
}
]
}
}
]
},
"vendor_name" : "Nvidia Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service, Escalation of Privileges"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC": "2017-09-21T00:00:00",
"ID": "CVE-2017-6272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPU Display Driver",
"version": {
"version_data": [
{
"version_value": "All"
}
]
}
}
]
},
"vendor_name": "Nvidia Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544",
"refsource" : "CONFIRM",
"url" : "http://nvidia.custhelp.com/app/answers/detail/a_id/4544"
},
{
"name" : "100997",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100997"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer handler where a value passed from a user to the driver is not correctly validated and used as the index to an array which may lead to a denial of service or possible escalation of privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service, Escalation of Privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544",
"refsource": "CONFIRM",
"url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4544"
},
{
"name": "100997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100997"
}
]
}
}

122
2018/11xxx/CVE-2018-11257.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-07-02T00:00:00",
"ID" : "CVE-2018-11257",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile",
"version" : {
"version_data" : [
{
"version_value" : "SD 210/SD 212/SD 205, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Permissions, Privileges, and Access Controls in TA"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-07-02T00:00:00",
"ID": "CVE-2018-11257",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "SD 210/SD 212/SD 205, SD 845, SD 850"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Permissions, Privileges, and Access Controls in TA in Snapdragon Mobile has an options that allows RPMB erase for secure devices in versions SD 210/SD 212/SD 205, SD 845, SD 850."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Permissions, Privileges, and Access Controls in TA"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

120
2018/11xxx/CVE-2018-11284.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Authorization in Data"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in Data"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}

34
2018/11xxx/CVE-2018-11916.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11916",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11916",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/11xxx/CVE-2018-11966.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11966",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11966",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14100.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14100",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14100",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/14xxx/CVE-2018-14379.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.openwall.com/lists/oss-security/2018/07/17/1",
"refsource" : "MISC",
"url" : "http://www.openwall.com/lists/oss-security/2018/07/17/1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted MP4 file, because access to the data structure has different expectations about layout as a result of this type confusion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2018/07/17/1",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2018/07/17/1"
}
]
}
}

34
2018/15xxx/CVE-2018-15225.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15225",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15225",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/15xxx/CVE-2018-15713.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-11-13T00:00:00",
"ID" : "CVE-2018-15713",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nagios XI",
"version" : {
"version_data" : [
{
"version_value" : "5.5.6"
}
]
}
}
]
},
"vendor_name" : "Nagios"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross Site Scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-11-13T00:00:00",
"ID": "CVE-2018-15713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nagios XI",
"version": {
"version_data": [
{
"version_value": "5.5.6"
}
]
}
}
]
},
"vendor_name": "Nagios"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-37",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nagios XI 5.5.6 allows persistent cross site scripting from remote authenticated attackers via the stored email address in admin/users.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-37",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-37"
}
]
}
}

186
2018/15xxx/CVE-2018-15776.json
View File

@ -1,95 +1,95 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-12-11T06:00:00.000Z",
"ID" : "CVE-2018-15776",
"STATE" : "PUBLIC",
"TITLE" : "iDRAC7, iDRAC8 - Improper Error Handling "
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "iDRAC",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "iDRAC7",
"version_value" : "2.61.60.60"
},
{
"affected" : "<",
"version_name" : "iDRAC8",
"version_value" : "2.61.60.60"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "PHYSICAL",
"availabilityImpact" : "HIGH",
"baseScore" : 6.4,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Error Handling Vulnerability. "
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-12-11T06:00:00.000Z",
"ID": "CVE-2018-15776",
"STATE": "PUBLIC",
"TITLE": "iDRAC7, iDRAC8 - Improper Error Handling "
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iDRAC",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "iDRAC7",
"version_value": "2.61.60.60"
},
{
"affected": "<",
"version_name": "iDRAC8",
"version_value": "2.61.60.60"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
"refsource" : "CONFIRM",
"url" : "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
},
{
"name" : "106233",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106233"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC iDRAC7/iDRAC8 versions prior to 2.61.60.60 contain an improper error handling vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability to get access to the u-boot shell."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Error Handling Vulnerability. "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en",
"refsource": "CONFIRM",
"url": "https://www.dell.com/support/article/us/en/19/sln315190/dell-emc-idrac-multiple-vulnerabilities-cve-2018-15774-and-cve-2018-15776-?lang=en"
},
{
"name": "106233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106233"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

160
2018/15xxx/CVE-2018-15863.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d",
"refsource" : "MISC",
"url" : "https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d"
},
{
"name" : "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html",
"refsource" : "MISC",
"url" : "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html"
},
{
"name" : "GLSA-201810-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-05"
},
{
"name" : "USN-3786-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3786-1/"
},
{
"name" : "USN-3786-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3786-2/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file with a no-op modmask expression."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201810-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-05"
},
{
"name": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html",
"refsource": "MISC",
"url": "https://lists.freedesktop.org/archives/wayland-devel/2018-August/039243.html"
},
{
"name": "https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d",
"refsource": "MISC",
"url": "https://github.com/xkbcommon/libxkbcommon/commit/96df3106d49438e442510c59acad306e94f3db4d"
},
{
"name": "USN-3786-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3786-1/"
},
{
"name": "USN-3786-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3786-2/"
}
]
}
}

176
2018/8xxx/CVE-2018-8139.json
View File

@ -1,90 +1,90 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "45012",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45012/"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8139",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8139"
},
{
"name" : "103977",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103977"
},
{
"name" : "1040844",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040844"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka \"Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103977"
},
{
"name": "45012",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45012/"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8139",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8139"
},
{
"name": "1040844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040844"
}
]
}
}

160
2018/8xxx/CVE-2018-8168.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8168",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft SharePoint Server",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2"
}
]
}
},
{
"product_name" : "Microsoft SharePoint",
"version" : {
"version_data" : [
{
"version_value" : "Enterprise Server 2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2"
}
]
}
},
{
"product_name": "Microsoft SharePoint",
"version": {
"version_data": [
{
"version_value": "Enterprise Server 2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8168",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8168"
},
{
"name" : "104067",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104067"
},
{
"name" : "1040856",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040856"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint Server, Microsoft SharePoint. This CVE ID is unique from CVE-2018-8149, CVE-2018-8155, CVE-2018-8156."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040856",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040856"
},
{
"name": "104067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104067"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8168",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8168"
}
]
}
}

34
2018/8xxx/CVE-2018-8913.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8913",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8913",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2018/8xxx/CVE-2018-8920.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@synology.com",
"DATE_PUBLIC" : "2018-12-24T00:00:00",
"ID" : "CVE-2018-8920",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DiskStation Manager (DSM)",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "6.1.6-15266"
}
]
}
}
]
},
"vendor_name" : "Synology"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 5.9,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Escape (CWE-150)"
}
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2018-12-24T00:00:00",
"ID": "CVE-2018-8920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DiskStation Manager (DSM)",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "6.1.6-15266"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.synology.com/security/advisory/Synology_SA_18_14",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/security/advisory/Synology_SA_18_14"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper neutralization of escape vulnerability in Log Exporter in Synology DiskStation Manager (DSM) before 6.1.6-15266 allows remote attackers to inject arbitrary content to have an unspecified impact by exporting an archive in CSV format."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Escape (CWE-150)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/security/advisory/Synology_SA_18_14",
"refsource": "CONFIRM",
"url": "https://www.synology.com/security/advisory/Synology_SA_18_14"
}
]
}
}