admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 18:28:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:40:30 +00:00
parent f23e4adabf
commit 5073b6f9c9
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3763 additions and 3763 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

220
2002/0xxx/CVE-2002-0164.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "CSSA-2002-009.0",
"refsource" : "CALDERA",
"url" : "http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html"
},
{
"name" : "CSSA-2002-SCO.14",
"refsource" : "CALDERA",
"url" : "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt"
},
{
"name" : "DSA-380",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2003/dsa-380"
},
{
"name" : "RHSA-2003:067",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2003-067.html"
},
{
"name" : "20021001-01-P",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P"
},
{
"name" : "CLSA-2002:529",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529"
},
{
"name" : "20021024 GLSA: xfree",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103547625009363&w=2"
},
{
"name" : "228529",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1"
},
{
"name" : "1017429",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1"
},
{
"name" : "xfree86-mitshm-memory-access(8706)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/8706"
},
{
"name" : "4396",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4396"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MIT-SHM extension of the X server on Linux (XFree86) 4.2.1 and earlier allows local users to read and write arbitrary shared memory, possibly to cause a denial of service or gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CLSA-2002:529",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529"
},
{
"name": "228529",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-228529-1"
},
{
"name": "20021001-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021001-01-P"
},
{
"name": "20021024 GLSA: xfree",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103547625009363&w=2"
},
{
"name": "xfree86-mitshm-memory-access(8706)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8706"
},
{
"name": "4396",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4396"
},
{
"name": "DSA-380",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2003/dsa-380"
},
{
"name": "CSSA-2002-SCO.14",
"refsource": "CALDERA",
"url": "ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.14/CSSA-2002-SCO.14.txt"
},
{
"name": "RHSA-2003:067",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-067.html"
},
{
"name": "CSSA-2002-009.0",
"refsource": "CALDERA",
"url": "http://www.linuxsecurity.com/advisories/caldera_advisory-2006.html"
},
{
"name": "1017429",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1017429.1-1"
}
]
}
}

260
2002/0xxx/CVE-2002-0184.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0184",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0184",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020425 [Global InterSec 2002041701] Sudo Password Prompt",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101974610509912&w=2"
},
{
"name" : "20020425 Sudo version 1.6.6 now available (fwd)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101975443619600&w=2"
},
{
"name" : "MDKSA-2002:028",
"refsource" : "MANDRAKE",
"url" : "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3"
},
{
"name" : "DSA-128",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-128"
},
{
"name" : "RHSA-2002:071",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-071.html"
},
{
"name" : "RHSA-2002:072",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-072.html"
},
{
"name" : "ESA-20020429-010",
"refsource" : "ENGARDE",
"url" : "http://www.linuxsecurity.com/advisories/other_advisory-2040.html"
},
{
"name" : "20020425 [slackware-security] sudo upgrade fixes a potential vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101979472822196&w=2"
},
{
"name" : "CLA-2002:475",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475"
},
{
"name" : "TSLSA-2002-0046",
"refsource" : "TRUSTIX",
"url" : "http://marc.info/?l=bugtraq&m=102010164413135&w=2"
},
{
"name" : "20020429 TSLSA-2002-0046 - sudo",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=102010164413135&w=2"
},
{
"name" : "SuSE-SA:2002:014",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2002_014_sudo_txt.html"
},
{
"name" : "VU#820083",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/820083"
},
{
"name" : "sudo-password-expansion-overflow(8936)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8936.php"
},
{
"name" : "4593",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4593"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in sudo before 1.6.6 may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020425 Sudo version 1.6.6 now available (fwd)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101975443619600&w=2"
},
{
"name": "DSA-128",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-128"
},
{
"name": "20020425 [slackware-security] sudo upgrade fixes a potential vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101979472822196&w=2"
},
{
"name": "RHSA-2002:071",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-071.html"
},
{
"name": "VU#820083",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/820083"
},
{
"name": "SuSE-SA:2002:014",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2002_014_sudo_txt.html"
},
{
"name": "20020425 [Global InterSec 2002041701] Sudo Password Prompt",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101974610509912&w=2"
},
{
"name": "CLA-2002:475",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475"
},
{
"name": "sudo-password-expansion-overflow(8936)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8936.php"
},
{
"name": "4593",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4593"
},
{
"name": "ESA-20020429-010",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2040.html"
},
{
"name": "TSLSA-2002-0046",
"refsource": "TRUSTIX",
"url": "http://marc.info/?l=bugtraq&m=102010164413135&w=2"
},
{
"name": "RHSA-2002:072",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-072.html"
},
{
"name": "MDKSA-2002:028",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3"
},
{
"name": "20020429 TSLSA-2002-0046 - sudo",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=102010164413135&w=2"
}
]
}
}

150
2002/0xxx/CVE-2002-0266.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020211 Re: texis(CGI) Path Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101346478229431&w=2"
},
{
"name" : "20020206 texis(CGI) Path Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101301228031165&w=2"
},
{
"name" : "texis-cgi-information-disclosure(8103)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8103.php"
},
{
"name" : "4035",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4035"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "texis-cgi-information-disclosure(8103)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8103.php"
},
{
"name": "4035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4035"
},
{
"name": "20020206 texis(CGI) Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101301228031165&w=2"
},
{
"name": "20020211 Re: texis(CGI) Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101346478229431&w=2"
}
]
}
}

140
2002/0xxx/CVE-2002-0994.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020703 SunPCi II VNC weak authentication scheme vulnerability",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html"
},
{
"name" : "5146",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5146"
},
{
"name" : "sunpci-vnc-weak-authentication(9476)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9476.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sunpci-vnc-weak-authentication(9476)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9476.php"
},
{
"name": "5146",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5146"
},
{
"name": "20020703 SunPCi II VNC weak authentication scheme vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0003.html"
}
]
}
}

160
2002/2xxx/CVE-2002-2080.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2080",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2080",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020403 SECURITY.NNO: FTGate PRO/Office hotfixes",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html"
},
{
"name" : "http://www.security.nnov.ru/advisories/ftgate.asp",
"refsource" : "MISC",
"url" : "http://www.security.nnov.ru/advisories/ftgate.asp"
},
{
"name" : "http://www.ftgate.com/knwldgbs/hotfix.htm",
"refsource" : "MISC",
"url" : "http://www.ftgate.com/knwldgbs/hotfix.htm"
},
{
"name" : "4428",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4428"
},
{
"name" : "ftgate-rcpt-to-dos(8750)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8750.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of service (memory and CPU consumption) via a large number of RCPT TO: messages during an SMTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.security.nnov.ru/advisories/ftgate.asp",
"refsource": "MISC",
"url": "http://www.security.nnov.ru/advisories/ftgate.asp"
},
{
"name": "http://www.ftgate.com/knwldgbs/hotfix.htm",
"refsource": "MISC",
"url": "http://www.ftgate.com/knwldgbs/hotfix.htm"
},
{
"name": "20020403 SECURITY.NNO: FTGate PRO/Office hotfixes",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-04/0053.html"
},
{
"name": "ftgate-rcpt-to-dos(8750)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8750.php"
},
{
"name": "4428",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4428"
}
]
}
}

120
2002/2xxx/CVE-2002-2264.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2264",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2264",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SSRT2266",
"refsource" : "HP",
"url" : "http://archives.neohapsis.com/archives/compaq/2002-q4/0013.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT2266",
"refsource": "HP",
"url": "http://archives.neohapsis.com/archives/compaq/2002-q4/0013.html"
}
]
}
}

170
2005/0xxx/CVE-2005-0177.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0177",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0177",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ",
"refsource" : "CONFIRM",
"url" : "http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ"
},
{
"name" : "CLA-2005:930",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930"
},
{
"name" : "RHSA-2005:092",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-092.html"
},
{
"name" : "20050215 [USN-82-1] Linux kernel vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=full-disclosure&m=110846102231365&w=2"
},
{
"name" : "12598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12598"
},
{
"name" : "oval:org.mitre.oval:def:10298",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10298"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:10298",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10298"
},
{
"name": "12598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12598"
},
{
"name": "RHSA-2005:092",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-092.html"
},
{
"name": "20050215 [USN-82-1] Linux kernel vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=full-disclosure&m=110846102231365&w=2"
},
{
"name": "CLA-2005:930",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930"
},
{
"name": "http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ",
"refsource": "CONFIRM",
"url": "http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ"
}
]
}
}

160
2005/0xxx/CVE-2005-0343.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0343",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0343",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050207 [SePro Bugtraq] SQL-Injection in PerlDesk 1.x",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110782042532295&w=2"
},
{
"name" : "http://www.security-project.org/projects/board/showthread.php?p=5172#post5172",
"refsource" : "MISC",
"url" : "http://www.security-project.org/projects/board/showthread.php?p=5172#post5172"
},
{
"name" : "12471",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12471"
},
{
"name" : "12512",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12512"
},
{
"name" : "perldesk-view-sql-injection(19245)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "perldesk-view-sql-injection(19245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19245"
},
{
"name": "12512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12512"
},
{
"name": "12471",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12471"
},
{
"name": "20050207 [SePro Bugtraq] SQL-Injection in PerlDesk 1.x",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110782042532295&w=2"
},
{
"name": "http://www.security-project.org/projects/board/showthread.php?p=5172#post5172",
"refsource": "MISC",
"url": "http://www.security-project.org/projects/board/showthread.php?p=5172#post5172"
}
]
}
}

150
2005/0xxx/CVE-2005-0805.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0805",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0805",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050318 possible SQL injection in Subdreamer",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111116479910230&w=2"
},
{
"name" : "20060621 Re: possible SQL injection in Subdreamer",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/437983/100/200/threaded"
},
{
"name" : "http://www.subdreamer.com/forum/showthread.php?t=2501",
"refsource" : "CONFIRM",
"url" : "http://www.subdreamer.com/forum/showthread.php?t=2501"
},
{
"name" : "12839",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12839"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050318 possible SQL injection in Subdreamer",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111116479910230&w=2"
},
{
"name": "http://www.subdreamer.com/forum/showthread.php?t=2501",
"refsource": "CONFIRM",
"url": "http://www.subdreamer.com/forum/showthread.php?t=2501"
},
{
"name": "20060621 Re: possible SQL injection in Subdreamer",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/437983/100/200/threaded"
},
{
"name": "12839",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12839"
}
]
}
}

210
2005/1xxx/CVE-2005-1248.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1248",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ngssoftware.com/advisories/itunes.txt",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/itunes.txt"
},
{
"name" : "APPLE-SA-2005-05-09",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00003.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=301596",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=301596"
},
{
"name" : "13565",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13565"
},
{
"name" : "oval:org.mitre.oval:def:17304",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17304"
},
{
"name" : "ADV-2005-0504",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0504"
},
{
"name" : "16243",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16243"
},
{
"name" : "1013927",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013927"
},
{
"name" : "15310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15310"
},
{
"name" : "apple-itunes-mpeg4-bo(20498)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20498"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15310"
},
{
"name": "http://www.ngssoftware.com/advisories/itunes.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/itunes.txt"
},
{
"name": "apple-itunes-mpeg4-bo(20498)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20498"
},
{
"name": "16243",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16243"
},
{
"name": "APPLE-SA-2005-05-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/May/msg00003.html"
},
{
"name": "oval:org.mitre.oval:def:17304",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17304"
},
{
"name": "13565",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13565"
},
{
"name": "1013927",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013927"
},
{
"name": "ADV-2005-0504",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0504"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=301596",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=301596"
}
]
}
}

120
2005/1xxx/CVE-2005-1330.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1330",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-05-03",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-05-03",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/May/msg00001.html"
}
]
}
}

150
2005/1xxx/CVE-2005-1501.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1501",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111533057918993&w=2"
},
{
"name" : "http://www.hackgen.org/advisories/hackgen-2005-004.txt",
"refsource" : "MISC",
"url" : "http://www.hackgen.org/advisories/hackgen-2005-004.txt"
},
{
"name" : "16172",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16172"
},
{
"name" : "midicart-path-disclosure(20425)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20425"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16172",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16172"
},
{
"name": "http://www.hackgen.org/advisories/hackgen-2005-004.txt",
"refsource": "MISC",
"url": "http://www.hackgen.org/advisories/hackgen-2005-004.txt"
},
{
"name": "midicart-path-disclosure(20425)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20425"
},
{
"name": "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111533057918993&w=2"
}
]
}
}

120
2005/1xxx/CVE-2005-1617.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050513 Willings WebCam - Password Disclosure Issue",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111601481221137&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Willings WebCam and WebCam Lite 2.8 and earlier stores the password in memory in plaintext, which allows local users to gain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050513 Willings WebCam - Password Disclosure Issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111601481221137&w=2"
}
]
}
}

130
2009/0xxx/CVE-2009-0768.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0768",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0768",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7984",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7984"
},
{
"name" : "33620",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33620"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the forumID parameter in a next action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7984",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7984"
},
{
"name": "33620",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33620"
}
]
}
}

220
2009/1xxx/CVE-2009-1042.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1042",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.zdnet.com/security/?p=2934",
"refsource" : "MISC",
"url" : "http://blogs.zdnet.com/security/?p=2934"
},
{
"name" : "http://cansecwest.com/index.html",
"refsource" : "MISC",
"url" : "http://cansecwest.com/index.html"
},
{
"name" : "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009"
},
{
"name" : "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits",
"refsource" : "MISC",
"url" : "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits"
},
{
"name" : "http://news.cnet.com/8301-1009_3-10199652-83.html",
"refsource" : "MISC",
"url" : "http://news.cnet.com/8301-1009_3-10199652-83.html"
},
{
"name" : "http://twitter.com/tippingpoint1/status/1351485521",
"refsource" : "MISC",
"url" : "http://twitter.com/tippingpoint1/status/1351485521"
},
{
"name" : "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889",
"refsource" : "MISC",
"url" : "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889"
},
{
"name" : "34183",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34183"
},
{
"name" : "52888",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52888"
},
{
"name" : "1021879",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021879"
},
{
"name" : "apple-safari-unspecified-code-execution(49388)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49388"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2009/03/18/pwn2own-2009-day-1---safari-internet-explorer-and-firefox-taken-down-by-four-zero-day-exploits"
},
{
"name": "apple-safari-unspecified-code-execution(49388)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49388"
},
{
"name": "34183",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34183"
},
{
"name": "http://cansecwest.com/index.html",
"refsource": "MISC",
"url": "http://cansecwest.com/index.html"
},
{
"name": "52888",
"refsource": "OSVDB",
"url": "http://osvdb.org/52888"
},
{
"name": "1021879",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021879"
},
{
"name": "http://twitter.com/tippingpoint1/status/1351485521",
"refsource": "MISC",
"url": "http://twitter.com/tippingpoint1/status/1351485521"
},
{
"name": "http://news.cnet.com/8301-1009_3-10199652-83.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-1009_3-10199652-83.html"
},
{
"name": "http://blogs.zdnet.com/security/?p=2934",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=2934"
},
{
"name": "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889",
"refsource": "MISC",
"url": "http://www.h-online.com/security/Pwn2Own-2009-Safari-IE-8-and-Firefox-exploited--/news/112889"
},
{
"name": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009",
"refsource": "MISC",
"url": "http://dvlabs.tippingpoint.com/blog/2009/02/25/pwn2own-2009"
}
]
}
}

160
2009/1xxx/CVE-2009-1050.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1050",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8243",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8243"
},
{
"name" : "34187",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34187"
},
{
"name" : "52838",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52838"
},
{
"name" : "34395",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34395"
},
{
"name" : "bloginator-cookie-security-bypass(49324)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49324"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Bloginator 1A allows remote attackers to bypass authentication and gain administrative access by setting the identifyYourself cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "52838",
"refsource": "OSVDB",
"url": "http://osvdb.org/52838"
},
{
"name": "34395",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34395"
},
{
"name": "bloginator-cookie-security-bypass(49324)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49324"
},
{
"name": "34187",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34187"
},
{
"name": "8243",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8243"
}
]
}
}

530
2009/1xxx/CVE-2009-1182.json
View File

@ -1,267 +1,267 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1182",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=495896",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=495896"
},
{
"name" : "http://poppler.freedesktop.org/releases.html",
"refsource" : "CONFIRM",
"url" : "http://poppler.freedesktop.org/releases.html"
},
{
"name" : "DSA-1790",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1790"
},
{
"name" : "DSA-1793",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1793"
},
{
"name" : "FEDORA-2009-6973",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name" : "FEDORA-2009-6982",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name" : "FEDORA-2009-6972",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name" : "MDVSA-2009:101",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name" : "MDVSA-2010:087",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name" : "MDVSA-2011:175",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name" : "RHSA-2009:0430",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name" : "RHSA-2009:0429",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name" : "RHSA-2009:0431",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name" : "RHSA-2009:0458",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name" : "RHSA-2009:0480",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name" : "SSA:2009-129-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477"
},
{
"name" : "SUSE-SA:2009:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "VU#196617",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/196617"
},
{
"name" : "34568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34568"
},
{
"name" : "oval:org.mitre.oval:def:10735",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735"
},
{
"name" : "1022073",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022073"
},
{
"name" : "34755",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34755"
},
{
"name" : "34291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34291"
},
{
"name" : "34481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34481"
},
{
"name" : "34746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34746"
},
{
"name" : "34852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34852"
},
{
"name" : "34756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34756"
},
{
"name" : "34959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34959"
},
{
"name" : "34963",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34963"
},
{
"name" : "35037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35037"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
},
{
"name" : "34991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34991"
},
{
"name" : "35064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35064"
},
{
"name" : "35618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35618"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "ADV-2009-1065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name" : "ADV-2009-1066",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name" : "ADV-2009-1076",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name" : "ADV-2009-1077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name" : "ADV-2010-1040",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1793",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34963"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=495896",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495896"
},
{
"name": "DSA-1790",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35618"
},
{
"name": "oval:org.mitre.oval:def:10735",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10735"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "http://poppler.freedesktop.org/releases.html",
"refsource": "CONFIRM",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
}

170
2009/1xxx/CVE-2009-1201.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1201",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
},
{
"name" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt",
"refsource" : "MISC",
"url" : "https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt"
},
{
"name" : "35476",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35476"
},
{
"name" : "1022457",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022457"
},
{
"name" : "35511",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35511"
},
{
"name" : "ADV-2009-1713",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1713"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35476"
},
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2009-002.txt"
},
{
"name": "20090624 Trustwave's SpiderLabs Security Advisory TWSL2009-002",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504516/100/0/threaded"
},
{
"name": "1022457",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022457"
},
{
"name": "ADV-2009-1713",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1713"
},
{
"name": "35511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35511"
}
]
}
}

120
2009/1xxx/CVE-2009-1361.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1361",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "34773",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34773",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34773"
}
]
}
}

300
2009/1xxx/CVE-2009-1572.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/05/01/1"
},
{
"name" : "[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/05/01/2"
},
{
"name" : "[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=quagga-dev&m=123364779626078&w=2"
},
{
"name" : "http://thread.gmane.org/gmane.network.quagga.devel/6513",
"refsource" : "MISC",
"url" : "http://thread.gmane.org/gmane.network.quagga.devel/6513"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311"
},
{
"name" : "DSA-1788",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1788"
},
{
"name" : "FEDORA-2009-5284",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html"
},
{
"name" : "FEDORA-2009-5324",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html"
},
{
"name" : "MDVSA-2009:109",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:109"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "USN-775-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-775-1"
},
{
"name" : "34817",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34817"
},
{
"name" : "54200",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/54200"
},
{
"name" : "1022164",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022164"
},
{
"name" : "34999",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34999"
},
{
"name" : "35061",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35061"
},
{
"name" : "35203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35203"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "quagga-systemnumber-dos(50317)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50317"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54200",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/54200"
},
{
"name": "35203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35203"
},
{
"name": "34999",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34999"
},
{
"name": "MDVSA-2009:109",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:109"
},
{
"name": "1022164",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022164"
},
{
"name": "USN-775-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-775-1"
},
{
"name": "[oss-security] 20090501 CVE request (sort of): Quagga BGP crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/01/1"
},
{
"name": "[quagga-dev] 20090203 [quagga-dev 6391] [PATCH] BGP 4-byte ASN bug fixes",
"refsource": "MLIST",
"url": "http://marc.info/?l=quagga-dev&m=123364779626078&w=2"
},
{
"name": "http://thread.gmane.org/gmane.network.quagga.devel/6513",
"refsource": "MISC",
"url": "http://thread.gmane.org/gmane.network.quagga.devel/6513"
},
{
"name": "DSA-1788",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1788"
},
{
"name": "quagga-systemnumber-dos(50317)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50317"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "FEDORA-2009-5324",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01107.html"
},
{
"name": "35061",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35061"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526311"
},
{
"name": "FEDORA-2009-5284",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01037.html"
},
{
"name": "34817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34817"
},
{
"name": "[oss-security] 20090501 Re: CVE request (sort of): Quagga BGP crasher",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/01/2"
}
]
}
}

180
2009/1xxx/CVE-2009-1940.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1940",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1940",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html",
"refsource" : "CONFIRM",
"url" : "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name" : "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name" : "35189",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35189"
},
{
"name" : "54869",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54869"
},
{
"name" : "35278",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35278"
},
{
"name" : "ADV-2009-1497",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1497"
},
{
"name" : "joomla-comusers-xss(50924)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrator panel in the com_users core component for Joomla! 1.5.x through 1.5.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "joomla-comusers-xss(50924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50924"
},
{
"name": "54869",
"refsource": "OSVDB",
"url": "http://osvdb.org/54869"
},
{
"name": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/announcements/release-news/5235-joomla-1511-security-release-now-available.html"
},
{
"name": "35189",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35189"
},
{
"name": "35278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35278"
},
{
"name": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html",
"refsource": "CONFIRM",
"url": "http://developer.joomla.org/security/news/295-20090601-core-comusers-xss.html"
},
{
"name": "ADV-2009-1497",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1497"
}
]
}
}

250
2009/4xxx/CVE-2009-4210.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091208 Fortinet Advisory: Fortinet Discovers Vulnerability in Indeo Codec",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508323/100/0/threaded"
},
{
"name" : "http://www.fortiguard.com/advisory/FGA-2009-45.html",
"refsource" : "MISC",
"url" : "http://www.fortiguard.com/advisory/FGA-2009-45.html"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/954157.mspx",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/technet/security/advisory/954157.mspx"
},
{
"name" : "954157",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/954157"
},
{
"name" : "955759",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/955759"
},
{
"name" : "976138",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/976138"
},
{
"name" : "37251",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37251"
},
{
"name" : "60857",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/60857"
},
{
"name" : "oval:org.mitre.oval:def:11677",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11677"
},
{
"name" : "1023302",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023302"
},
{
"name" : "37592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37592"
},
{
"name" : "ADV-2009-3440",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3440"
},
{
"name" : "ms-ie-content-code-execution(54645)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645"
},
{
"name" : "ms-ie-indeo-code-execution(54644)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54644"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "955759",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/955759"
},
{
"name": "oval:org.mitre.oval:def:11677",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11677"
},
{
"name": "ms-ie-indeo-code-execution(54644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54644"
},
{
"name": "1023302",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023302"
},
{
"name": "37251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37251"
},
{
"name": "20091208 Fortinet Advisory: Fortinet Discovers Vulnerability in Indeo Codec",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508323/100/0/threaded"
},
{
"name": "60857",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60857"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/954157.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/954157.mspx"
},
{
"name": "976138",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/976138"
},
{
"name": "ADV-2009-3440",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3440"
},
{
"name": "954157",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/954157"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2009-45.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2009-45.html"
},
{
"name": "ms-ie-content-code-execution(54645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645"
},
{
"name": "37592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37592"
}
]
}
}

140
2009/5xxx/CVE-2009-5040.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5040",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
},
{
"name" : "45765",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/45765"
},
{
"name" : "ciscoios-callmanager-dos(64681)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/64681"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote authenticated users to cause a denial of service (device crash) by using an extension mobility (EM) phone to interact with the menu for SNR number changes, aka Bug ID CSCta63555."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscoios-callmanager-dos(64681)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/64681"
},
{
"name": "45765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/45765"
},
{
"name": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_0/15_0x/15_01_XA/rn800xa.pdf"
}
]
}
}

140
2012/2xxx/CVE-2012-2172.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"name" : "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
},
{
"name" : "ssds-multiple-mp-xss(75239)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in the Storage Manager Profiler in IBM System Storage DS Storage Manager before 10.83.xx.18 on DS Series devices allows remote attackers to inject arbitrary web script or HTML via the updateRegn parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/codes/ibmssdssmp_sqlixss.txt"
},
{
"name": "ssds-multiple-mp-xss(75239)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75239"
},
{
"name": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/connections/blogs/PSIRT/entry/secbulletin_stg-storage_cve-2012-2171_cve-2012-2172"
}
]
}
}

140
2012/2xxx/CVE-2012-2239.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-2239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/mahara/+bug/1047111",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/mahara/+bug/1047111"
},
{
"name" : "https://mahara.org/interaction/forum/topic.php?id=4869",
"refsource" : "CONFIRM",
"url" : "https://mahara.org/interaction/forum/topic.php?id=4869"
},
{
"name" : "DSA-2591",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2591"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote attackers to read arbitrary files or create TCP connections via an XML external entity (XXE) injection attack, as demonstrated by reading config.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-2591",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2591"
},
{
"name": "https://bugs.launchpad.net/mahara/+bug/1047111",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/mahara/+bug/1047111"
},
{
"name": "https://mahara.org/interaction/forum/topic.php?id=4869",
"refsource": "CONFIRM",
"url": "https://mahara.org/interaction/forum/topic.php?id=4869"
}
]
}
}

34
2012/2xxx/CVE-2012-2987.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2987",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2987",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2012/3xxx/CVE-2012-3751.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3751",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3751",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5581",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5581"
},
{
"name" : "APPLE-SA-2012-11-07-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html"
},
{
"name" : "oval:org.mitre.oval:def:16166",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16166"
},
{
"name" : "51226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51226"
},
{
"name" : "apple-quicktime-qtactivex-code-exec(79897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with a crafted _qtactivex_ parameter in an OBJECT element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "apple-quicktime-qtactivex-code-exec(79897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79897"
},
{
"name": "51226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51226"
},
{
"name": "APPLE-SA-2012-11-07-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Nov/msg00002.html"
},
{
"name": "oval:org.mitre.oval:def:16166",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16166"
},
{
"name": "http://support.apple.com/kb/HT5581",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5581"
}
]
}
}

34
2012/3xxx/CVE-2012-3896.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3896",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3896",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2012/4xxx/CVE-2012-4158.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4158",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4159, and CVE-2012-4160."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-4158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name" : "GLSA-201308-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml"
},
{
"name" : "oval:org.mitre.oval:def:16236",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16236"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4159, and CVE-2012-4160."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:16236",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16236"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
}

300
2012/4xxx/CVE-2012-4217.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4217",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=802902",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=802902"
},
{
"name" : "openSUSE-SU-2012:1583",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name" : "openSUSE-SU-2012:1585",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name" : "openSUSE-SU-2012:1586",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name" : "SUSE-SU-2012:1592",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name" : "openSUSE-SU-2013:0175",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name" : "USN-1638-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name" : "USN-1638-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name" : "USN-1638-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"name" : "USN-1636-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"name" : "56639",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56639"
},
{
"name" : "oval:org.mitre.oval:def:16958",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16958"
},
{
"name" : "51369",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51369"
},
{
"name" : "51381",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51381"
},
{
"name" : "51434",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51434"
},
{
"name" : "51439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51439"
},
{
"name" : "51440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51440"
},
{
"name" : "51370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51370"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the nsViewManager::ProcessPendingUpdates function in Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before 2.14 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56639",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56639"
},
{
"name": "USN-1638-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-3"
},
{
"name": "51370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51370"
},
{
"name": "USN-1638-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-2"
},
{
"name": "openSUSE-SU-2012:1586",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00093.html"
},
{
"name": "USN-1636-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1636-1"
},
{
"name": "openSUSE-SU-2013:0175",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00022.html"
},
{
"name": "oval:org.mitre.oval:def:16958",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16958"
},
{
"name": "51434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51434"
},
{
"name": "openSUSE-SU-2012:1583",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00090.html"
},
{
"name": "51439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51439"
},
{
"name": "51440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51440"
},
{
"name": "USN-1638-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1638-1"
},
{
"name": "SUSE-SU-2012:1592",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00021.html"
},
{
"name": "openSUSE-SU-2012:1585",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00092.html"
},
{
"name": "51381",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51381"
},
{
"name": "51369",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51369"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-105.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=802902",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=802902"
}
]
}
}

160
2012/4xxx/CVE-2012-4483.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4483",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4483",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/04/6"
},
{
"name" : "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/07/1"
},
{
"name" : "http://drupal.org/node/1679820",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1679820"
},
{
"name" : "http://drupal.org/node/1679908",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1679908"
},
{
"name" : "http://drupalcode.org/project/commons.git/commitdiff/8ef688b",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/commons.git/commitdiff/8ef688b"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not properly enforce intended node access restrictions, which might allow remote attackers to obtain sensitive information via the recent comments listing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121004 CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/04/6"
},
{
"name": "http://drupalcode.org/project/commons.git/commitdiff/8ef688b",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/commons.git/commitdiff/8ef688b"
},
{
"name": "http://drupal.org/node/1679820",
"refsource": "MISC",
"url": "http://drupal.org/node/1679820"
},
{
"name": "http://drupal.org/node/1679908",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1679908"
},
{
"name": "[oss-security] 20121007 Re: CVE Request for Drupal Contributed Modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/07/1"
}
]
}
}

130
2012/4xxx/CVE-2012-4715.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a UDP packet with a certain integer length value that is (1) too large or (2) too small, leading to improper handling by Logger.dll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2012-4715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf",
"refsource" : "MISC",
"url" : "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf"
},
{
"name" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599",
"refsource" : "CONFIRM",
"url" : "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a UDP packet with a certain integer length value that is (1) too large or (2) too small, leading to improper handling by Logger.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf",
"refsource": "MISC",
"url": "http://ics-cert.us-cert.gov/pdf/ICSA-13-095-02.pdf"
},
{
"name": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599",
"refsource": "CONFIRM",
"url": "https://rockwellautomation.custhelp.com/app/answers/detail/a_id/537599"
}
]
}
}

34
2012/6xxx/CVE-2012-6071.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6071",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6071",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/6xxx/CVE-2012-6652.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6652",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6652",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2015/5xxx/CVE-2015-5668.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5668",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5668",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tpj.co.jp/enisys/resource.html",
"refsource" : "CONFIRM",
"url" : "http://www.tpj.co.jp/enisys/resource.html"
},
{
"name" : "JVN#58615092",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN58615092/index.html"
},
{
"name" : "JVNDB-2015-000167",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000167"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#58615092",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN58615092/index.html"
},
{
"name": "JVNDB-2015-000167",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000167"
},
{
"name": "http://www.tpj.co.jp/enisys/resource.html",
"refsource": "CONFIRM",
"url": "http://www.tpj.co.jp/enisys/resource.html"
}
]
}
}

140
2015/5xxx/CVE-2015-5711.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5711",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.tibco.com/assets/blt423f06fbac6ee0c6/2015-003-advisory.txt",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/assets/blt423f06fbac6ee0c6/2015-003-advisory.txt"
},
{
"name" : "http://www.tibco.com/mk/advisory.jsp",
"refsource" : "CONFIRM",
"url" : "http://www.tibco.com/mk/advisory.jsp"
},
{
"name" : "1033678",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033678"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File Transfer Command Center before 7.2.5, Slingshot before 1.9.4, and Vault before 2.0.1 allow remote authenticated users to obtain sensitive information via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.tibco.com/assets/blt423f06fbac6ee0c6/2015-003-advisory.txt",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/assets/blt423f06fbac6ee0c6/2015-003-advisory.txt"
},
{
"name": "http://www.tibco.com/mk/advisory.jsp",
"refsource": "CONFIRM",
"url": "http://www.tibco.com/mk/advisory.jsp"
},
{
"name": "1033678",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033678"
}
]
}
}

34
2017/2xxx/CVE-2017-2260.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2260",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2260",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2017/2xxx/CVE-2017-2660.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2660",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2660",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2017/2xxx/CVE-2017-2824.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"ID" : "CVE-2017-2824",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Zabbix Server",
"version" : {
"version_data" : [
{
"version_value" : "2.4.8.r1"
}
]
}
}
]
},
"vendor_name" : "Zabbix"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"ID": "CVE-2017-2824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zabbix Server",
"version": {
"version_data": [
{
"version_value": "2.4.8.r1"
}
]
}
}
]
},
"vendor_name": "Zabbix"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0325",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0325"
},
{
"name" : "DSA-3937",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2017/dsa-3937"
},
{
"name" : "98083",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/98083"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0325",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2017-0325"
},
{
"name": "98083",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98083"
},
{
"name": "DSA-3937",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3937"
}
]
}
}

120
2017/6xxx/CVE-2017-6213.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-6213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-6213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/paypal/invoice-sdk-php/issues/13",
"refsource" : "CONFIRM",
"url" : "https://github.com/paypal/invoice-sdk-php/issues/13"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "paypal/invoice-sdk-php is vulnerable to reflected XSS in samples/permissions.php via the permToken parameter, resulting in code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/paypal/invoice-sdk-php/issues/13",
"refsource": "CONFIRM",
"url": "https://github.com/paypal/invoice-sdk-php/issues/13"
}
]
}
}

154
2018/11xxx/CVE-2018-11787.json
View File

@ -1,79 +1,79 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-09-18T00:00:00",
"ID" : "CVE-2018-11787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Karaf",
"version" : {
"version_data" : [
{
"version_value" : "prior to 3.0.9"
},
{
"version_value" : "4.0.x prior to 4.0.9"
},
{
"version_value" : "4.1.x prior to 4.1.1"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. And optional bundle that some applications use is the Pax Web Extender Whiteboard, it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Unsecure Access"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-09-18T00:00:00",
"ID": "CVE-2018-11787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Karaf",
"version": {
"version_data": [
{
"version_value": "prior to 3.0.9"
},
{
"version_value": "4.0.x prior to 4.0.9"
},
{
"version_value": "4.1.x prior to 4.1.1"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[karaf-dev] 20180918 [SECURITY] New security advisory for CVE-2018-11787 released for Apache Karaf",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/d9ba4c3104ba32225646879a057b75b54430f349c246c85469037d3c@%3Cdev.karaf.apache.org%3E"
},
{
"name" : "http://karaf.apache.org/security/cve-2018-11787.txt",
"refsource" : "CONFIRM",
"url" : "http://karaf.apache.org/security/cve-2018-11787.txt"
},
{
"name" : "https://issues.apache.org/jira/browse/KARAF-4993",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/KARAF-4993"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Karaf version prior to 3.0.9, 4.0.9, 4.1.1, when the webconsole feature is installed in Karaf, it is available at .../system/console and requires authentication to access it. One part of the console is a Gogo shell/console that gives access to the command line console of Karaf via a Web browser, and when navigated to it is available at .../system/console/gogo. Trying to go directly to that URL does require authentication. And optional bundle that some applications use is the Pax Web Extender Whiteboard, it is part of the pax-war feature and perhaps others. When it is installed, the Gogo console becomes available at another URL .../gogo/, and that URL is not secured giving access to the Karaf console to unauthenticated users. A mitigation for the issue is to manually stop/uninstall Gogo plugin bundle that is installed with the webconsole feature, although of course this removes the console from the .../system/console application, not only from the unauthenticated endpoint. One could also stop/uninstall the Pax Web Extender Whiteboard, but other components/applications may require it and so their functionality would be reduced/compromised."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Unsecure Access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://issues.apache.org/jira/browse/KARAF-4993",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/KARAF-4993"
},
{
"name": "[karaf-dev] 20180918 [SECURITY] New security advisory for CVE-2018-11787 released for Apache Karaf",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/d9ba4c3104ba32225646879a057b75b54430f349c246c85469037d3c@%3Cdev.karaf.apache.org%3E"
},
{
"name": "http://karaf.apache.org/security/cve-2018-11787.txt",
"refsource": "CONFIRM",
"url": "http://karaf.apache.org/security/cve-2018-11787.txt"
}
]
}
}

130
2018/11xxx/CVE-2018-11860.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11860",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy Without Checking Size of Input in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=7a8639875bb01bca2dcac7bda9e5d986fbf8683f",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=7a8639875bb01bca2dcac7bda9e5d986fbf8683f"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=7a8639875bb01bca2dcac7bda9e5d986fbf8683f",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=7a8639875bb01bca2dcac7bda9e5d986fbf8683f"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}

34
2018/14xxx/CVE-2018-14112.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14112",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14112",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/14xxx/CVE-2018-14248.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14248",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsXFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6011."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14248",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-708",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-708"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsXFDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6011."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-708",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-708"
}
]
}
}

130
2018/14xxx/CVE-2018-14282.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5763."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-665-Improper Initialization"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-742",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-742"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of FlateDecode streams. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5763."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-665-Improper Initialization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-742",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-742"
},
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}

34
2018/14xxx/CVE-2018-14425.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14425",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14425",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2018/15xxx/CVE-2018-15152.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15152",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://insecurity.sh/reports/openemr.pdf",
"refsource" : "MISC",
"url" : "https://insecurity.sh/reports/openemr.pdf"
},
{
"name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource" : "MISC",
"url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name" : "https://github.com/openemr/openemr/pull/1758/files",
"refsource" : "CONFIRM",
"url" : "https://github.com/openemr/openemr/pull/1758/files"
},
{
"name" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
"refsource" : "CONFIRM",
"url" : "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before 5.0.1.4 allows a remote attacker to access (1) portal/add_edit_event_user.php, (2) portal/find_appt_popup_user.php, (3) portal/get_allergies.php, (4) portal/get_amendments.php, (5) portal/get_lab_results.php, (6) portal/get_medications.php, (7) portal/get_patient_documents.php, (8) portal/get_problems.php, (9) portal/get_profile.php, (10) portal/portal_payment.php, (11) portal/messaging/messages.php, (12) portal/messaging/secure_chat.php, (13) portal/report/pat_ledger.php, (14) portal/report/portal_custom_report.php, or (15) portal/report/portal_patient_report.php without authenticating as a patient."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://insecurity.sh/reports/openemr.pdf",
"refsource": "MISC",
"url": "https://insecurity.sh/reports/openemr.pdf"
},
{
"name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource": "MISC",
"url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name": "https://github.com/openemr/openemr/pull/1758/files",
"refsource": "CONFIRM",
"url": "https://github.com/openemr/openemr/pull/1758/files"
},
{
"name": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches",
"refsource": "CONFIRM",
"url": "https://www.open-emr.org/wiki/index.php/OpenEMR_Patches"
}
]
}
}

34
2018/15xxx/CVE-2018-15276.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15276",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15276",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15577.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15577",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15577",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/15xxx/CVE-2018-15881.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15881",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15881",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html",
"refsource" : "CONFIRM",
"url" : "https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html"
},
{
"name" : "105161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105161"
},
{
"name" : "1041913",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041913"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105161"
},
{
"name": "1041913",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041913"
},
{
"name": "https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html",
"refsource": "CONFIRM",
"url": "https://developer.joomla.org/security-centre/745-20180803-core-acl-violation-in-custom-fields.html"
}
]
}
}

34
2018/20xxx/CVE-2018-20642.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-20642",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-20642",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

244
2018/8xxx/CVE-2018-8147.json
View File

@ -1,124 +1,124 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8147",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2013 RT Service Pack 1"
},
{
"version_value" : "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value" : "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value" : "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value" : "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value" : "2016 for Mac"
},
{
"version_value" : "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name" : "Microsoft Excel",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2013 RT Service Pack 1"
},
{
"version_value" : "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value" : "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value" : "2016 (32-bit edition)"
},
{
"version_value" : "2016 (64-bit edition)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8147",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147"
},
{
"name" : "104035",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104035"
},
{
"name" : "1040857",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8148, CVE-2018-8162."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040857",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040857"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8147"
},
{
"name": "104035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104035"
}
]
}
}

34
2018/8xxx/CVE-2018-8704.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8704",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8704",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}