admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:48:16 +00:00
parent f1928a769d
commit 4ce515b7a1
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3413 additions and 3413 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/2xxx/CVE-2002-2165.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.securitybugware.org/Other/5537.html",
"refsource" : "MISC",
"url" : "http://www.securitybugware.org/Other/5537.html"
},
{
"name" : "imho-roxen-session-hijacking(9615)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9615.php"
},
{
"name" : "5238",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5238"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securitybugware.org/Other/5537.html",
"refsource": "MISC",
"url": "http://www.securitybugware.org/Other/5537.html"
},
{
"name": "imho-roxen-session-hijacking(9615)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9615.php"
},
{
"name": "5238",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5238"
}
]
}
}

140
2005/0xxx/CVE-2005-0200.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200501-41",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml"
},
{
"name" : "http://tikiwiki.org/art102",
"refsource" : "CONFIRM",
"url" : "http://tikiwiki.org/art102"
},
{
"name" : "13948",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13948"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200501-41",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml"
},
{
"name": "13948",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13948"
},
{
"name": "http://tikiwiki.org/art102",
"refsource": "CONFIRM",
"url": "http://tikiwiki.org/art102"
}
]
}
}

150
2005/1xxx/CVE-2005-1135.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1135",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050415 [ECHO_ADV_12$2005] Vulnerabilities in sphpblog",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111359320312609&w=2"
},
{
"name" : "http://echo.or.id/adv/adv12-y3dips-2005.txt",
"refsource" : "MISC",
"url" : "http://echo.or.id/adv/adv12-y3dips-2005.txt"
},
{
"name" : "http://www.waraxe.us/ftopict-651.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/ftopict-651.html"
},
{
"name" : "13170",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13170"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://echo.or.id/adv/adv12-y3dips-2005.txt",
"refsource": "MISC",
"url": "http://echo.or.id/adv/adv12-y3dips-2005.txt"
},
{
"name": "20050415 [ECHO_ADV_12$2005] Vulnerabilities in sphpblog",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111359320312609&w=2"
},
{
"name": "http://www.waraxe.us/ftopict-651.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/ftopict-651.html"
},
{
"name": "13170",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13170"
}
]
}
}

140
2005/1xxx/CVE-2005-1317.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1317",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1317",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050422 Chora 1.2.3 (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/chora/Week-of-Mon-20050418/004050.html"
},
{
"name" : "http://cvs.horde.org/diff.php/chora/docs/CHANGES?r1=1.45.2.34&r2=1.45.2.37&ty=h",
"refsource" : "CONFIRM",
"url" : "http://cvs.horde.org/diff.php/chora/docs/CHANGES?r1=1.45.2.34&r2=1.45.2.37&ty=h"
},
{
"name" : "15083",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15083"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Horde Chora module before 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cvs.horde.org/diff.php/chora/docs/CHANGES?r1=1.45.2.34&r2=1.45.2.37&ty=h",
"refsource": "CONFIRM",
"url": "http://cvs.horde.org/diff.php/chora/docs/CHANGES?r1=1.45.2.34&r2=1.45.2.37&ty=h"
},
{
"name": "15083",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15083"
},
{
"name": "20050422 Chora 1.2.3 (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/chora/Week-of-Mon-20050418/004050.html"
}
]
}
}

150
2005/1xxx/CVE-2005-1361.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050426 Multiple SQL Injections in MetaCart e-Shop V-8",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111453994718211&w=2"
},
{
"name" : "13376",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13376"
},
{
"name" : "13377",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13377"
},
{
"name" : "metacart-eshop-sql-injection(20283)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20283"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13376",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13376"
},
{
"name": "20050426 Multiple SQL Injections in MetaCart e-Shop V-8",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111453994718211&w=2"
},
{
"name": "13377",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13377"
},
{
"name": "metacart-eshop-sql-injection(20283)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20283"
}
]
}
}

180
2005/1xxx/CVE-2005-1384.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1384",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050428 Multiple Sql injections in phpCoin v1.2.2 and below",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111473522804665&w=2"
},
{
"name" : "http://digitalparadox.org/viewadvisories.ah?view=36",
"refsource" : "MISC",
"url" : "http://digitalparadox.org/viewadvisories.ah?view=36"
},
{
"name" : "http://pridels0.blogspot.com/2006/03/phpcoin-poc.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2006/03/phpcoin-poc.html"
},
{
"name" : "13433",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13433"
},
{
"name" : "ADV-2005-0423",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0423"
},
{
"name" : "1013834",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013834"
},
{
"name" : "phpcoin-multiple-sql-injection(20308)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpcoin-multiple-sql-injection(20308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20308"
},
{
"name": "20050428 Multiple Sql injections in phpCoin v1.2.2 and below",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111473522804665&w=2"
},
{
"name": "1013834",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013834"
},
{
"name": "http://pridels0.blogspot.com/2006/03/phpcoin-poc.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2006/03/phpcoin-poc.html"
},
{
"name": "http://digitalparadox.org/viewadvisories.ah?view=36",
"refsource": "MISC",
"url": "http://digitalparadox.org/viewadvisories.ah?view=36"
},
{
"name": "13433",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13433"
},
{
"name": "ADV-2005-0423",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0423"
}
]
}
}

150
2005/1xxx/CVE-2005-1448.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1448",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1448",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.s9y.org/63.html#A9",
"refsource" : "CONFIRM",
"url" : "http://www.s9y.org/63.html#A9"
},
{
"name" : "13411",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13411"
},
{
"name" : "15876",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15876"
},
{
"name" : "15145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13411"
},
{
"name": "15145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15145"
},
{
"name": "http://www.s9y.org/63.html#A9",
"refsource": "CONFIRM",
"url": "http://www.s9y.org/63.html#A9"
},
{
"name": "15876",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15876"
}
]
}
}

130
2005/3xxx/CVE-2005-3213.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051007 Antivirus detection bypass by special crafted archive.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
},
{
"name" : "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource" : "MISC",
"url" : "http://shadock.net/secubox/AVCraftedArchive.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple interpretation error in unspecified versions of F-Prot Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource": "MISC",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112879611919750&w=2"
}
]
}
}

180
2005/3xxx/CVE-2005-3926.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3926",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3926",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051128 Guppy <= 4.5.9 Remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/417899/100/0/threaded"
},
{
"name" : "http://rgod.altervista.org/guppy459_xpl.html",
"refsource" : "MISC",
"url" : "http://rgod.altervista.org/guppy459_xpl.html"
},
{
"name" : "15609",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15609"
},
{
"name" : "ADV-2005-2635",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2635"
},
{
"name" : "1015279",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015279"
},
{
"name" : "17790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17790"
},
{
"name" : "guppy-error-file-include(23318)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23318"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Direct static code injection vulnerability in error.php in GuppY 4.5.9 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via the _SERVER[REMOTE_ADDR] parameter, which is injected into a .inc script that is later included by the main script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015279",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015279"
},
{
"name": "20051128 Guppy <= 4.5.9 Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417899/100/0/threaded"
},
{
"name": "17790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17790"
},
{
"name": "15609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15609"
},
{
"name": "guppy-error-file-include(23318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23318"
},
{
"name": "http://rgod.altervista.org/guppy459_xpl.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/guppy459_xpl.html"
},
{
"name": "ADV-2005-2635",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2635"
}
]
}
}

140
2009/0xxx/CVE-2009-0091.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft .NET Framework Type Verification Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-061",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061"
},
{
"name" : "TA09-286A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name" : "oval:org.mitre.oval:def:6451",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6451"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka \"Microsoft .NET Framework Type Verification Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name": "oval:org.mitre.oval:def:6451",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6451"
},
{
"name": "MS09-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061"
}
]
}
}

140
2009/0xxx/CVE-2009-0349.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0349",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7852",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7852"
},
{
"name" : "51510",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51510"
},
{
"name" : "33597",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33597"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7852",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7852"
},
{
"name": "33597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33597"
},
{
"name": "51510",
"refsource": "OSVDB",
"url": "http://osvdb.org/51510"
}
]
}
}

160
2009/0xxx/CVE-2009-0531.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8012",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8012"
},
{
"name" : "http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt",
"refsource" : "CONFIRM",
"url" : "http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt"
},
{
"name" : "33693",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33693"
},
{
"name" : "33874",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33874"
},
{
"name" : "bettermember-view-sql-injection(48612)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48612"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in gallery/view.asp in A Better Member-Based ASP Photo Gallery before 1.2 allows remote attackers to execute arbitrary SQL commands via the entry parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33693",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33693"
},
{
"name": "8012",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8012"
},
{
"name": "http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt",
"refsource": "CONFIRM",
"url": "http://www.ontarioabandonedplaces.com/ipguardian/gallery/readme.txt"
},
{
"name": "bettermember-view-sql-injection(48612)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48612"
},
{
"name": "33874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33874"
}
]
}
}

480
2009/0xxx/CVE-2009-0692.json
View File

@ -1,242 +1,242 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0692",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2009-0692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.isc.org/node/468",
"refsource" : "CONFIRM",
"url" : "https://www.isc.org/node/468"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=507717",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=507717"
},
{
"name" : "https://www.isc.org/downloadables/12",
"refsource" : "CONFIRM",
"url" : "https://www.isc.org/downloadables/12"
},
{
"name" : "DSA-1833",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1833"
},
{
"name" : "FEDORA-2009-8344",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
},
{
"name" : "FEDORA-2009-9075",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
},
{
"name" : "GLSA-200907-12",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200907-12.xml"
},
{
"name" : "HPSBMA02554",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name" : "SSRT100018",
"refsource" : "HP",
"url" : "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name" : "MDVSA-2009:151",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151"
},
{
"name" : "NetBSD-SA2009-010",
"refsource" : "NETBSD",
"url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc"
},
{
"name" : "RHSA-2009:1136",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1136.html"
},
{
"name" : "RHSA-2009:1154",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"name" : "SSA:2009-195-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471"
},
{
"name" : "SUSE-SA:2009:037",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html"
},
{
"name" : "USN-803-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-803-1"
},
{
"name" : "VU#410676",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/410676"
},
{
"name" : "35668",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35668"
},
{
"name" : "55819",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/55819"
},
{
"name" : "oval:org.mitre.oval:def:10758",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758"
},
{
"name" : "oval:org.mitre.oval:def:5941",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941"
},
{
"name" : "1022548",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022548"
},
{
"name" : "35785",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35785"
},
{
"name" : "35829",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35829"
},
{
"name" : "35830",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35830"
},
{
"name" : "35831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35831"
},
{
"name" : "35832",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35832"
},
{
"name" : "35841",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35841"
},
{
"name" : "35849",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35849"
},
{
"name" : "35850",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35850"
},
{
"name" : "35851",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35851"
},
{
"name" : "35880",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35880"
},
{
"name" : "36457",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36457"
},
{
"name" : "37342",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37342"
},
{
"name" : "40551",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40551"
},
{
"name" : "ADV-2009-1891",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1891"
},
{
"name" : "ADV-2010-1796",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1796"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1891",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1891"
},
{
"name": "https://www.isc.org/node/468",
"refsource": "CONFIRM",
"url": "https://www.isc.org/node/468"
},
{
"name": "35830",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35830"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=507717",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=507717"
},
{
"name": "35832",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35832"
},
{
"name": "SSRT100018",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "35850",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35850"
},
{
"name": "35785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35785"
},
{
"name": "VU#410676",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/410676"
},
{
"name": "35880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35880"
},
{
"name": "SUSE-SA:2009:037",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00003.html"
},
{
"name": "HPSBMA02554",
"refsource": "HP",
"url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083"
},
{
"name": "FEDORA-2009-9075",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00340.html"
},
{
"name": "40551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40551"
},
{
"name": "55819",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55819"
},
{
"name": "35668",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35668"
},
{
"name": "DSA-1833",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1833"
},
{
"name": "GLSA-200907-12",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200907-12.xml"
},
{
"name": "MDVSA-2009:151",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:151"
},
{
"name": "RHSA-2009:1136",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1136.html"
},
{
"name": "35831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35831"
},
{
"name": "35829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35829"
},
{
"name": "ADV-2010-1796",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1796"
},
{
"name": "35841",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35841"
},
{
"name": "oval:org.mitre.oval:def:5941",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5941"
},
{
"name": "oval:org.mitre.oval:def:10758",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10758"
},
{
"name": "USN-803-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-803-1"
},
{
"name": "NetBSD-SA2009-010",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2009-010.txt.asc"
},
{
"name": "https://www.isc.org/downloadables/12",
"refsource": "CONFIRM",
"url": "https://www.isc.org/downloadables/12"
},
{
"name": "RHSA-2009:1154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1154.html"
},
{
"name": "37342",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37342"
},
{
"name": "35851",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35851"
},
{
"name": "35849",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35849"
},
{
"name": "SSA:2009-195-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.561471"
},
{
"name": "1022548",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022548"
},
{
"name": "36457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36457"
},
{
"name": "FEDORA-2009-8344",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01177.html"
}
]
}
}

160
2009/1xxx/CVE-2009-1466.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503434/100/0/threaded"
},
{
"name" : "http://www.syhunt.com/advisories/?id=aas-multiple",
"refsource" : "MISC",
"url" : "http://www.syhunt.com/advisories/?id=aas-multiple"
},
{
"name" : "34911",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34911"
},
{
"name" : "1022204",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022204"
},
{
"name" : "aas-aas-info-disclosure(50590)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50590"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.syhunt.com/advisories/?id=aas-multiple",
"refsource": "MISC",
"url": "http://www.syhunt.com/advisories/?id=aas-multiple"
},
{
"name": "20090512 Syhunt: A-A-S (Application Access Server) Multiple Security Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503434/100/0/threaded"
},
{
"name": "34911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34911"
},
{
"name": "aas-aas-info-disclosure(50590)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50590"
},
{
"name": "1022204",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022204"
}
]
}
}

170
2009/1xxx/CVE-2009-1468.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1468",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1468",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090505 [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/503226/100/0/threaded"
},
{
"name" : "http://www.redteam-pentesting.de/advisories/rt-sa-2009-003",
"refsource" : "MISC",
"url" : "http://www.redteam-pentesting.de/advisories/rt-sa-2009-003"
},
{
"name" : "34820",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34820"
},
{
"name" : "54228",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54228"
},
{
"name" : "1022169",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022169"
},
{
"name" : "ADV-2009-1253",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1253"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the search form in server/webmail.php in the Groupware component in IceWarp eMail Server and WebMail Server before 9.4.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) sql and (2) order_by elements in an XML search query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34820"
},
{
"name": "1022169",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022169"
},
{
"name": "ADV-2009-1253",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1253"
},
{
"name": "54228",
"refsource": "OSVDB",
"url": "http://osvdb.org/54228"
},
{
"name": "http://www.redteam-pentesting.de/advisories/rt-sa-2009-003",
"refsource": "MISC",
"url": "http://www.redteam-pentesting.de/advisories/rt-sa-2009-003"
},
{
"name": "20090505 [RT-SA-2009-003] IceWarp WebMail Server: SQL Injection in Groupware Component",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/503226/100/0/threaded"
}
]
}
}

280
2009/1xxx/CVE-2009-1712.json
View File

@ -1,142 +1,142 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1712",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1712",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3613",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3613"
},
{
"name" : "APPLE-SA-2009-06-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name" : "DSA-1950",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1950"
},
{
"name" : "SUSE-SR:2011:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name" : "USN-857-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name" : "USN-836-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-836-1"
},
{
"name" : "35260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35260"
},
{
"name" : "35350",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35350"
},
{
"name" : "55022",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55022"
},
{
"name" : "1022345",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022345"
},
{
"name" : "35379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35379"
},
{
"name" : "37746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37746"
},
{
"name" : "36790",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36790"
},
{
"name" : "43068",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43068"
},
{
"name" : "ADV-2009-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name" : "ADV-2011-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name" : "safari-applets-code-execution(51266)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51266"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43068",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43068"
},
{
"name": "ADV-2011-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2011/0212"
},
{
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name": "37746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37746"
},
{
"name": "safari-applets-code-execution(51266)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51266"
},
{
"name": "1022345",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022345"
},
{
"name": "36790",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36790"
},
{
"name": "35350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35350"
},
{
"name": "DSA-1950",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1950"
},
{
"name": "SUSE-SR:2011:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-01/msg00006.html"
},
{
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name": "USN-857-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-857-1"
},
{
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name": "USN-836-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-836-1"
},
{
"name": "55022",
"refsource": "OSVDB",
"url": "http://osvdb.org/55022"
}
]
}
}

180
2009/1xxx/CVE-2009-1989.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1989",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 33, and 9.0 Bundle 24 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name" : "35694",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35694"
},
{
"name" : "55911",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55911"
},
{
"name" : "1022566",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022566"
},
{
"name" : "35776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35776"
},
{
"name" : "ADV-2009-1900",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name" : "oracle-pse-jdee-pef-unspecified(51771)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51771"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1, 8.9 Bundle 33, and 9.0 Bundle 24 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55911",
"refsource": "OSVDB",
"url": "http://osvdb.org/55911"
},
{
"name": "35776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35776"
},
{
"name": "ADV-2009-1900",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1900"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "1022566",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022566"
},
{
"name": "oracle-pse-jdee-pef-unspecified(51771)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51771"
},
{
"name": "35694",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35694"
}
]
}
}

170
2009/3xxx/CVE-2009-3263.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML \"active content.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506517/100/0/threaded"
},
{
"name" : "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/",
"refsource" : "MISC",
"url" : "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/"
},
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=21238",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=21238"
},
{
"name" : "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html"
},
{
"name" : "36416",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36416"
},
{
"name" : "36770",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36770"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x before 3.0.195.21 allows remote attackers to inject arbitrary web script or HTML via a (1) RSS or (2) Atom feed, related to the rendering of the application/rss+xml content type as XML \"active content.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506517/100/0/threaded"
},
{
"name": "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/",
"refsource": "MISC",
"url": "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/"
},
{
"name": "36416",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36416"
},
{
"name": "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2009/09/stable-channel-update.html"
},
{
"name": "http://code.google.com/p/chromium/issues/detail?id=21238",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=21238"
},
{
"name": "36770",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36770"
}
]
}
}

140
2009/4xxx/CVE-2009-4466.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10598",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10598"
},
{
"name" : "37448",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37448"
},
{
"name" : "deluxebb-misc-info-disclosure(54980)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54980"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service (CPU or memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37448",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37448"
},
{
"name": "10598",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10598"
},
{
"name": "deluxebb-misc-info-disclosure(54980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54980"
}
]
}
}

34
2012/2xxx/CVE-2012-2312.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2312",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2312",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/2xxx/CVE-2012-2618.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2618",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2618",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2012/2xxx/CVE-2012-2630.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-2630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#23328321",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN23328321/index.html"
},
{
"name" : "JVNDB-2012-000054",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000054"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23328321",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN23328321/index.html"
},
{
"name": "JVNDB-2012-000054",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000054"
}
]
}
}

140
2012/2xxx/CVE-2012-2644.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2012-2644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1",
"refsource" : "CONFIRM",
"url" : "http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1"
},
{
"name" : "JVN#79111101",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN79111101/index.html"
},
{
"name" : "JVNDB-2012-000069",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000069"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 and earlier for Movable Type allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-2642."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#79111101",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN79111101/index.html"
},
{
"name": "http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1",
"refsource": "CONFIRM",
"url": "http://www.hazama.nu/pukiwiki/index.php?MT4i%2F3.1"
},
{
"name": "JVNDB-2012-000069",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000069"
}
]
}
}

230
2012/2xxx/CVE-2012-2746.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://directory.fedoraproject.org/wiki/Release_Notes",
"refsource" : "CONFIRM",
"url" : "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=833482",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=833482"
},
{
"name" : "https://fedorahosted.org/389/ticket/365",
"refsource" : "CONFIRM",
"url" : "https://fedorahosted.org/389/ticket/365"
},
{
"name" : "HPSBUX02881",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name" : "SSRT101189",
"refsource" : "HP",
"url" : "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name" : "RHSA-2012:0997",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
},
{
"name" : "RHSA-2012:1041",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"name" : "54153",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54153"
},
{
"name" : "83329",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/83329"
},
{
"name" : "oval:org.mitre.oval:def:19241",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241"
},
{
"name" : "49734",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49734"
},
{
"name" : "389directory-logging-info-disclosure(76595)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server before 8.2.10-3), when the password of a LDAP user has been changed and audit logging is enabled, saves the new password to the log in plain text, which allows remote authenticated users to read the password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "83329",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/83329"
},
{
"name": "https://fedorahosted.org/389/ticket/365",
"refsource": "CONFIRM",
"url": "https://fedorahosted.org/389/ticket/365"
},
{
"name": "49734",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49734"
},
{
"name": "389directory-logging-info-disclosure(76595)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76595"
},
{
"name": "SSRT101189",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "54153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54153"
},
{
"name": "http://directory.fedoraproject.org/wiki/Release_Notes",
"refsource": "CONFIRM",
"url": "http://directory.fedoraproject.org/wiki/Release_Notes"
},
{
"name": "HPSBUX02881",
"refsource": "HP",
"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03772083"
},
{
"name": "RHSA-2012:1041",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1041.html"
},
{
"name": "RHSA-2012:0997",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0997.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=833482",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=833482"
},
{
"name": "oval:org.mitre.oval:def:19241",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19241"
}
]
}
}

130
2012/2xxx/CVE-2012-2925.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2925",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2925",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18845",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18845"
},
{
"name" : "simplephpagenda-engine-sql-injection(75501)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75501"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18845",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18845"
},
{
"name": "simplephpagenda-engine-sql-injection(75501)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75501"
}
]
}
}

250
2012/3xxx/CVE-2012-3422.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=840592",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
},
{
"name" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS",
"refsource" : "CONFIRM",
"url" : "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"name" : "GLSA-201406-32",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name" : "RHSA-2012:1132",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"name" : "SUSE-SU-2012:0979",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"name" : "openSUSE-SU-2012:0981",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"name" : "openSUSE-SU-2012:0982",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"name" : "openSUSE-SU-2013:0826",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name" : "SUSE-SU-2013:0851",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name" : "openSUSE-SU-2013:0893",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name" : "openSUSE-SU-2013:0966",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name" : "SUSE-SU-2013:1174",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name" : "USN-1521-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"name" : "50089",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The getFirstInTableInstance function in the IcedTea-Web plugin before 1.2.1 returns an uninitialized pointer when the instance_to_id_map hash is empty, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted web page, which causes an uninitialized memory location to be read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201406-32",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201406-32.xml"
},
{
"name": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS",
"refsource": "CONFIRM",
"url": "http://icedtea.classpath.org/hg/release/icedtea-web-1.2/file/icedtea-web-1.2.1/NEWS"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=840592",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=840592"
},
{
"name": "SUSE-SU-2013:0851",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00020.html"
},
{
"name": "USN-1521-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1521-1"
},
{
"name": "openSUSE-SU-2012:0982",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00005.html"
},
{
"name": "SUSE-SU-2013:1174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-07/msg00013.html"
},
{
"name": "openSUSE-SU-2013:0826",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00032.html"
},
{
"name": "openSUSE-SU-2012:0981",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00004.html"
},
{
"name": "SUSE-SU-2012:0979",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00003.html"
},
{
"name": "openSUSE-SU-2013:0966",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00101.html"
},
{
"name": "openSUSE-SU-2013:0893",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00030.html"
},
{
"name": "RHSA-2012:1132",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1132.html"
},
{
"name": "50089",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50089"
}
]
}
}

34
2012/6xxx/CVE-2012-6018.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6018",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6018",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/6xxx/CVE-2012-6019.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6019",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6019",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/6xxx/CVE-2012-6164.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6164",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6164",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

140
2012/6xxx/CVE-2012-6512.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name" : "http://websecurity.com.ua/5782",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/5782"
},
{
"name" : "organizer-multiple-path-disclosure(75107)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Organizer plugin 1.2.1 for WordPress allows remote attackers to obtain the installation path via unspecified vectors to (1) plugin_hook.php, (2) page/index.php, (3) page/dir.php (4) page/options.php, (5) page/resize.php, (6) page/upload.php, (7) page/users.php, or (8) page/view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "organizer-multiple-path-disclosure(75107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75107"
},
{
"name": "http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112086/WordPress-Organizer-1.2.1-Cross-Site-Scripting-Path-Disclosure.html"
},
{
"name": "http://websecurity.com.ua/5782",
"refsource": "MISC",
"url": "http://websecurity.com.ua/5782"
}
]
}
}

150
2015/1xxx/CVE-2015-1908.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1908",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1908",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21701566",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"name" : "PI37661",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661"
},
{
"name" : "74218",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74218"
},
{
"name" : "1032189",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032189"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 CF16, and 8.5.0 through CF05, as used in Web Content Manager and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032189",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032189"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21701566"
},
{
"name": "PI37661",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PI37661"
},
{
"name": "74218",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74218"
}
]
}
}

130
2015/1xxx/CVE-2015-1980.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1980",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1980",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960244",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960244"
},
{
"name" : "75143",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, 11.0, 11.3, and 11.4 before FP03 allows remote authenticated users to conduct clickjacking attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960244",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960244"
},
{
"name": "75143",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75143"
}
]
}
}

120
2015/5xxx/CVE-2015-5050.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973592",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973592"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote authenticated users to hijack the authentication of arbitrary users for requests that insert XSS sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592"
}
]
}
}

150
2015/5xxx/CVE-2015-5485.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5485",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the \"error\" parameter to wp-admin/edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5485",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150713 Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jul/67"
},
{
"name" : "http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html"
},
{
"name" : "https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/",
"refsource" : "MISC",
"url" : "https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/"
},
{
"name" : "https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/",
"refsource" : "CONFIRM",
"url" : "https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the \"error\" parameter to wp-admin/edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/",
"refsource": "MISC",
"url": "https://security.dxw.com/advisories/reflected-xss-in-the-events-calendar-eventbrite-tickets-allows-unauthenticated-users-to-do-almost-anything-an-admin-can/"
},
{
"name": "20150713 Reflected XSS in The Events Calendar: Eventbrite Tickets allows unauthenticated users to do almost anything an admin can (WordPress plugin)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/67"
},
{
"name": "https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/",
"refsource": "CONFIRM",
"url": "https://theeventscalendar.com/release-eventbrite-tickets-3-10-2/"
},
{
"name": "http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132676/The-Events-Calender-Eventbrite-Tickets-3.9.6-Cross-Site-Scripting.html"
}
]
}
}

130
2015/5xxx/CVE-2015-5944.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205375",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205375"
},
{
"name" : "APPLE-SA-2015-10-21-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CoreText in Apple OS X before 10.11.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-10-21-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html"
},
{
"name": "https://support.apple.com/HT205375",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205375"
}
]
}
}

240
2015/5xxx/CVE-2015-5963.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5963",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5963",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/",
"refsource" : "MISC",
"url" : "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
},
{
"name" : "DSA-3338",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3338"
},
{
"name" : "FEDORA-2015-1dd5bc998f",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"
},
{
"name" : "RHSA-2015:1894",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1894.html"
},
{
"name" : "RHSA-2015:1766",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1766.html"
},
{
"name" : "RHSA-2015:1767",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1767.html"
},
{
"name" : "RHSA-2015:1876",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2015:1876"
},
{
"name" : "openSUSE-SU-2015:1580",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html"
},
{
"name" : "openSUSE-SU-2015:1598",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html"
},
{
"name" : "USN-2720-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2720-1"
},
{
"name" : "76428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76428"
},
{
"name" : "1033318",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033318"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-1dd5bc998f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"
},
{
"name": "openSUSE-SU-2015:1580",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00026.html"
},
{
"name": "RHSA-2015:1894",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1894.html"
},
{
"name": "DSA-3338",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3338"
},
{
"name": "1033318",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033318"
},
{
"name": "RHSA-2015:1767",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1767.html"
},
{
"name": "openSUSE-SU-2015:1598",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-09/msg00035.html"
},
{
"name": "USN-2720-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2720-1"
},
{
"name": "RHSA-2015:1766",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1766.html"
},
{
"name": "RHSA-2015:1876",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:1876"
},
{
"name": "76428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76428"
},
{
"name": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/",
"refsource": "MISC",
"url": "https://www.djangoproject.com/weblog/2015/aug/18/security-releases/"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}
}

166
2018/11xxx/CVE-2018-11084.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-08-10T00:00:00.000Z",
"ID" : "CVE-2018-11084",
"STATE" : "PUBLIC",
"TITLE" : "Garden-runC prevents deletion of some app environments"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Garden-runC",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "all versions",
"version_value" : "1.16.1"
}
]
}
}
]
},
"vendor_name" : "Cloud Foundry"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 6.8,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "NONE",
"integrityImpact" : "NONE",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Logic error"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-08-10T00:00:00.000Z",
"ID": "CVE-2018-11084",
"STATE": "PUBLIC",
"TITLE": "Garden-runC prevents deletion of some app environments"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Garden-runC",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "all versions",
"version_value": "1.16.1"
}
]
}
}
]
},
"vendor_name": "Cloud Foundry"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.cloudfoundry.org/blog/cve-2018-11084/",
"refsource" : "CONFIRM",
"url" : "https://www.cloudfoundry.org/blog/cve-2018-11084/"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cloud Foundry Garden-runC release, versions prior to 1.16.1, prevents deletion of some app environments based on file attributes. A remote authenticated malicious user may create and delete apps with crafted file attributes to cause a denial of service for new app instances or scaling up of existing apps."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Logic error"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.cloudfoundry.org/blog/cve-2018-11084/",
"refsource": "CONFIRM",
"url": "https://www.cloudfoundry.org/blog/cve-2018-11084/"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

140
2018/11xxx/CVE-2018-11151.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 9 of 46)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}

140
2018/11xxx/CVE-2018-11263.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11263",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11263",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-08-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-08-01"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FW and is used to access the buffer to copy the radio stats received for each radio from FW. If the radio_id received from the FW is greater than or equal to maximum, an OOB write will occur. On supported Google Pixel and Nexus devices, this has been addressed in security patch level 2018-08-05."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Array Index in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=476ad571ec5b42c42bb1ce9468f18c7e996646ed"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2018-08-01"
}
]
}
}

34
2018/11xxx/CVE-2018-11838.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11838",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11838",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/15xxx/CVE-2018-15728.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15728",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15728",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180823 Couchbase Server - Remote Code Execution",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2018/Aug/49"
},
{
"name" : "105157",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Couchbase Server. Authenticated users can send arbitrary Erlang code to the 'diag/eval' endpoint of the REST API (available by default on TCP/8091 and/or TCP/18091). The executed code in the underlying operating system will run with the privileges of the user running Couchbase server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180823 Couchbase Server - Remote Code Execution",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2018/Aug/49"
},
{
"name": "105157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105157"
}
]
}
}

34
2018/3xxx/CVE-2018-3544.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3544",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3544",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

122
2018/3xxx/CVE-2018-3835.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-01-29T00:00:00",
"ID" : "CVE-2018-3835",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Walt Disney Animation Studios PTEX",
"version" : {
"version_data" : [
{
"version_value" : "2.2"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "buffer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-01-29T00:00:00",
"ID": "CVE-2018-3835",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Walt Disney Animation Studios PTEX",
"version": {
"version_data": [
{
"version_value": "2.2"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0515",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0515"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable out of bounds write vulnerability exists in version 2.2 of the Per Face Texture mapping application known as PTEX. The vulnerability is present in the reading of a file without proper parameter checking. The value read in, is not verified to be valid and its use can lead to a buffer overflow, potentially resulting in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0515",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0515"
}
]
}
}

132
2018/3xxx/CVE-2018-3851.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2018-3851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Perceptive Document Filters",
"version" : {
"version_data" : [
{
"version_value" : "11.4.0.2647 - x86/x64 Windows/Linux"
}
]
}
}
]
},
"vendor_name" : "Hyland Software, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds Write"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2018-3851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Perceptive Document Filters",
"version": {
"version_data": [
{
"version_value": "11.4.0.2647 - x86/x64 Windows/Linux"
}
]
}
}
]
},
"vendor_name": "Hyland Software, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0534",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0534"
},
{
"name" : "104023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, an exploitable stack-based buffer overflow exists in the DOC-to-HTML conversion functionality of the Hyland Perceptive Document Filters version 11.4.0.2647. A crafted .doc document can lead to a stack-based buffer, resulting in direct code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0534",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0534"
},
{
"name": "104023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104023"
}
]
}
}

34
2018/3xxx/CVE-2018-3969.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3969",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3969",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

146
2018/8xxx/CVE-2018-8498.json
View File

@ -1,75 +1,75 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8498",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft SharePoint",
"version" : {
"version_data" : [
{
"version_value" : "Enterprise Server 2013 Service Pack 1"
},
{
"version_value" : "Enterprise Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint",
"version": {
"version_data": [
{
"version_value": "Enterprise Server 2013 Service Pack 1"
},
{
"version_value": "Enterprise Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498"
},
{
"name" : "105495",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105495"
},
{
"name" : "1041835",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041835"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8480, CVE-2018-8488, CVE-2018-8518."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105495",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105495"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8498"
},
{
"name": "1041835",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041835"
}
]
}
}

34
2018/8xxx/CVE-2018-8632.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8632",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8632",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8633.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8633",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8633",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8689.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8689",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8689",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

156
2018/8xxx/CVE-2018-8915.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@synology.com",
"DATE_PUBLIC" : "2018-05-10T00:00:00",
"ID" : "CVE-2018-8915",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Calendar",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "2.1.1-0502"
}
]
}
}
]
},
"vendor_name" : "Synology"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)"
}
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2018-05-10T00:00:00",
"ID": "CVE-2018-8915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Calendar",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.1.1-0502"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_06",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_06"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_18_06",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_06"
}
]
}
}