admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:42:59 +00:00
parent 2bc64eca29
commit 5220e34cf2
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4460 additions and 4460 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/2xxx/CVE-2002-2123.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2123",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/304611"
},
{
"name" : "6489",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6489"
},
{
"name" : "gallery-winxppublishing-command-execution(10943)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10943"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "gallery-winxppublishing-command-execution(10943)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10943"
},
{
"name": "20021228 Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/304611"
},
{
"name": "6489",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6489"
}
]
}
}

180
2005/0xxx/CVE-2005-0589.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/mfsa2005-19.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/mfsa2005-19.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=270697",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=270697"
},
{
"name" : "GLSA-200503-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name" : "RHSA-2005:176",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name" : "12659",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12659"
},
{
"name" : "oval:org.mitre.oval:def:100039",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039"
},
{
"name" : "oval:org.mitre.oval:def:10825",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12659",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12659"
},
{
"name": "oval:org.mitre.oval:def:10825",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10825"
},
{
"name": "oval:org.mitre.oval:def:100039",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100039"
},
{
"name": "http://www.mozilla.org/security/announce/mfsa2005-19.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/mfsa2005-19.html"
},
{
"name": "RHSA-2005:176",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-176.html"
},
{
"name": "GLSA-200503-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=270697",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=270697"
}
]
}
}

140
2005/1xxx/CVE-2005-1117.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1117",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1117",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050414 All4WWW-Homepagecreator Remote Command Execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111350434925520&w=2"
},
{
"name" : "13169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13169"
},
{
"name" : "14972",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14972"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14972"
},
{
"name": "20050414 All4WWW-Homepagecreator Remote Command Execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111350434925520&w=2"
},
{
"name": "13169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13169"
}
]
}
}

180
2005/1xxx/CVE-2005-1203.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050420 Multiple eGroupware Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111401760125555&w=2"
},
{
"name" : "http://www.gulftech.org/?node=research&article_id=00069-04202005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00069-04202005"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=320768",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=320768"
},
{
"name" : "GLSA-200504-24",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200504-24.xml"
},
{
"name" : "13212",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13212"
},
{
"name" : "15753",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15753"
},
{
"name" : "14982",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14982"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=320768",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=320768"
},
{
"name": "13212",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13212"
},
{
"name": "http://www.gulftech.org/?node=research&article_id=00069-04202005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00069-04202005"
},
{
"name": "15753",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15753"
},
{
"name": "GLSA-200504-24",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200504-24.xml"
},
{
"name": "20050420 Multiple eGroupware Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111401760125555&w=2"
},
{
"name": "14982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14982"
}
]
}
}

120
2005/1xxx/CVE-2005-1303.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1303",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050424 remote command execution in citat.pl script",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111445477910178&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050424 remote command execution in citat.pl script",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111445477910178&w=2"
}
]
}
}

200
2005/1xxx/CVE-2005-1502.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111533057918993&w=2"
},
{
"name" : "http://www.hackgen.org/advisories/hackgen-2005-004.txt",
"refsource" : "MISC",
"url" : "http://www.hackgen.org/advisories/hackgen-2005-004.txt"
},
{
"name" : "13516",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13516"
},
{
"name" : "13517",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13517"
},
{
"name" : "13518",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13518"
},
{
"name" : "16173",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16173"
},
{
"name" : "16174",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16174"
},
{
"name" : "15269",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15269"
},
{
"name" : "midicart-xss(20427)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13516",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13516"
},
{
"name": "midicart-xss(20427)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20427"
},
{
"name": "13517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13517"
},
{
"name": "16173",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16173"
},
{
"name": "http://www.hackgen.org/advisories/hackgen-2005-004.txt",
"refsource": "MISC",
"url": "http://www.hackgen.org/advisories/hackgen-2005-004.txt"
},
{
"name": "16174",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16174"
},
{
"name": "13518",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13518"
},
{
"name": "15269",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15269"
},
{
"name": "20050505 [hackgen-2005-#004] - Multiple bugs in MidiCart PHP Shopping Cart",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111533057918993&w=2"
}
]
}
}

450
2005/1xxx/CVE-2005-1849.json
View File

@ -1,227 +1,227 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-1849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
},
{
"name" : "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html"
},
{
"name" : "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html"
},
{
"name" : "APPLE-SA-2005-08-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name" : "APPLE-SA-2005-08-17",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name" : "DSA-763",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-763"
},
{
"name" : "DSA-797",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-797"
},
{
"name" : "DSA-1026",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1026"
},
{
"name" : "FLSA:162680",
"refsource" : "FEDORA",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680"
},
{
"name" : "GLSA-200509-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml"
},
{
"name" : "GLSA-200603-18",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml"
},
{
"name" : "MDKSA-2005:196",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:196"
},
{
"name" : "MDKSA-2006:070",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:070"
},
{
"name" : "RHSA-2005:584",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-584.html"
},
{
"name" : "RHSA-2008:0629",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
},
{
"name" : "SCOSA-2006.6",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt"
},
{
"name" : "SUSE-SA:2005:043",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_43_zlib.html"
},
{
"name" : "USN-151-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntulinux.org/usn/usn-151-3"
},
{
"name" : "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz",
"refsource" : "MISC",
"url" : "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz"
},
{
"name" : "14340",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14340"
},
{
"name" : "oval:org.mitre.oval:def:11402",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402"
},
{
"name" : "ADV-2007-1267",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/1267"
},
{
"name" : "18141",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/18141"
},
{
"name" : "1014540",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014540"
},
{
"name" : "16137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16137"
},
{
"name" : "18377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18377"
},
{
"name" : "17326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17326"
},
{
"name" : "17516",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17516"
},
{
"name" : "19550",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19550"
},
{
"name" : "19334",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19334"
},
{
"name" : "19597",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19597"
},
{
"name" : "24788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/24788"
},
{
"name" : "31492",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31492"
},
{
"name" : "zlib-codetable-dos(21456)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21456"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zlib-codetable-dos(21456)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21456"
},
{
"name": "DSA-1026",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1026"
},
{
"name": "19334",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19334"
},
{
"name": "DSA-797",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-797"
},
{
"name": "DSA-763",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-763"
},
{
"name": "GLSA-200509-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml"
},
{
"name": "MDKSA-2005:196",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:196"
},
{
"name": "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz",
"refsource": "MISC",
"url": "http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz"
},
{
"name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
},
{
"name": "USN-151-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntulinux.org/usn/usn-151-3"
},
{
"name": "GLSA-200603-18",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml"
},
{
"name": "RHSA-2005:584",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-584.html"
},
{
"name": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vi3/doc/esx-9916286-patch.html"
},
{
"name": "16137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16137"
},
{
"name": "31492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31492"
},
{
"name": "oval:org.mitre.oval:def:11402",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11402"
},
{
"name": "18141",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18141"
},
{
"name": "1014540",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014540"
},
{
"name": "SUSE-SA:2005:043",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_43_zlib.html"
},
{
"name": "MDKSA-2006:070",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:070"
},
{
"name": "RHSA-2008:0629",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2008-0629.html"
},
{
"name": "ADV-2007-1267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1267"
},
{
"name": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vi3/doc/esx-3616065-patch.html"
},
{
"name": "24788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24788"
},
{
"name": "17326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17326"
},
{
"name": "APPLE-SA-2005-08-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html"
},
{
"name": "17516",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17516"
},
{
"name": "14340",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14340"
},
{
"name": "19597",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19597"
},
{
"name": "SCOSA-2006.6",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt"
},
{
"name": "19550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19550"
},
{
"name": "18377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18377"
},
{
"name": "APPLE-SA-2005-08-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html"
},
{
"name": "FLSA:162680",
"refsource": "FEDORA",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680"
}
]
}
}

170
2005/1xxx/CVE-2005-1907.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1907",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1907",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.networksecurity.fi/advisories/windows-isa-firewall.html",
"refsource" : "MISC",
"url" : "http://www.networksecurity.fi/advisories/windows-isa-firewall.html"
},
{
"name" : "894864",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];894864"
},
{
"name" : "http://www.niscc.gov.uk/niscc/docs/br-20050602-00456.html?lang=en",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/br-20050602-00456.html?lang=en"
},
{
"name" : "13846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13846"
},
{
"name" : "17031",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17031"
},
{
"name" : "1014113",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014113"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.networksecurity.fi/advisories/windows-isa-firewall.html",
"refsource": "MISC",
"url": "http://www.networksecurity.fi/advisories/windows-isa-firewall.html"
},
{
"name": "17031",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17031"
},
{
"name": "1014113",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014113"
},
{
"name": "894864",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];894864"
},
{
"name": "http://www.niscc.gov.uk/niscc/docs/br-20050602-00456.html?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/br-20050602-00456.html?lang=en"
},
{
"name": "13846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13846"
}
]
}
}

270
2005/3xxx/CVE-2005-3906.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3906",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the \"second and third issues\" identified in SUNALERT:102003."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-11-30",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
},
{
"name" : "GLSA-200601-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml"
},
{
"name" : "102003",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1"
},
{
"name" : "http://www-1.ibm.com/support/docview.wss?uid=swg21225628",
"refsource" : "CONFIRM",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
},
{
"name" : "VU#974188",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/974188"
},
{
"name" : "15615",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15615"
},
{
"name" : "ADV-2005-2636",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2636"
},
{
"name" : "ADV-2005-2946",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2946"
},
{
"name" : "ADV-2005-2675",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2675"
},
{
"name" : "1015280",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015280"
},
{
"name" : "17748",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17748"
},
{
"name" : "18092",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18092"
},
{
"name" : "17847",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17847"
},
{
"name" : "18503",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18503"
},
{
"name" : "18435",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18435"
},
{
"name" : "sun-reflection-api-elevate-privileges(23251)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23251"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the \"second and third issues\" identified in SUNALERT:102003."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17847",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17847"
},
{
"name": "18503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18503"
},
{
"name": "18435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18435"
},
{
"name": "15615",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15615"
},
{
"name": "102003",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/searchproxy/document.do?assetkey=1-26-102003-1"
},
{
"name": "ADV-2005-2946",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2946"
},
{
"name": "ADV-2005-2675",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2675"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg21225628"
},
{
"name": "ADV-2005-2636",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2636"
},
{
"name": "GLSA-200601-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-10.xml"
},
{
"name": "VU#974188",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/974188"
},
{
"name": "1015280",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015280"
},
{
"name": "APPLE-SA-2005-11-30",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Nov/msg00004.html"
},
{
"name": "sun-reflection-api-elevate-privileges(23251)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23251"
},
{
"name": "17748",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17748"
},
{
"name": "18092",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18092"
}
]
}
}

150
2005/4xxx/CVE-2005-4087.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4087",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4087",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051207 SugarSuite Open Source <= 4.0beta Remote code execution",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418840"
},
{
"name" : "15760",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15760"
},
{
"name" : "239",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/239"
},
{
"name" : "sugarsuite-acceptdecline-file-include(23541)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23541"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file include vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to execute arbitrary PHP code via a URL in the beanFiles array parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051207 SugarSuite Open Source <= 4.0beta Remote code execution",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418840"
},
{
"name": "239",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/239"
},
{
"name": "15760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15760"
},
{
"name": "sugarsuite-acceptdecline-file-include(23541)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23541"
}
]
}
}

150
2005/4xxx/CVE-2005-4528.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4528",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4528",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=379608",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=379608"
},
{
"name" : "ADV-2005-3048",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3048"
},
{
"name" : "22015",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22015"
},
{
"name" : "18184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18184"
},
{
"name": "22015",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22015"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=379608",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=379608"
},
{
"name": "ADV-2005-3048",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3048"
}
]
}
}

220
2005/4xxx/CVE-2005-4798.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[linux-kernel] 20050912 [PATCH] nfs client, kernel 2.4.31: readlink result overflow",
"refsource" : "MLIST",
"url" : "http://www.ussg.iu.edu/hypermail/linux/kernel/0509.1/1333.html"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b"
},
{
"name" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b"
},
{
"name" : "DSA-1183",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1183"
},
{
"name" : "DSA-1184",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1184"
},
{
"name" : "SUSE-SA:2006:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name" : "20186",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/20186"
},
{
"name" : "oval:org.mitre.oval:def:11536",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11536"
},
{
"name" : "20398",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20398"
},
{
"name" : "22082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22082"
},
{
"name" : "22093",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1183",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1183"
},
{
"name": "oval:org.mitre.oval:def:11536",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11536"
},
{
"name": "22082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22082"
},
{
"name": "SUSE-SA:2006:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006-05-31.html"
},
{
"name": "20186",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20186"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commit;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b"
},
{
"name": "[linux-kernel] 20050912 [PATCH] nfs client, kernel 2.4.31: readlink result overflow",
"refsource": "MLIST",
"url": "http://www.ussg.iu.edu/hypermail/linux/kernel/0509.1/1333.html"
},
{
"name": "20398",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20398"
},
{
"name": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git;a=commitdiff;h=87e03738fc15dc3ea4acde3a5dcb5f84b6b6152b"
},
{
"name": "22093",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22093"
},
{
"name": "DSA-1184",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1184"
}
]
}
}

34
2009/0xxx/CVE-2009-0205.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0205",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0205",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2009/0xxx/CVE-2009-0662.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://plone.org/products/plone/security/advisories/cve-2009-0662",
"refsource" : "CONFIRM",
"url" : "http://plone.org/products/plone/security/advisories/cve-2009-0662"
},
{
"name" : "34664",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34664"
},
{
"name" : "53975",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53975"
},
{
"name" : "34840",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34840"
},
{
"name" : "plone-unspecified-session-hijacking(50061)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50061"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product for Plone, does not properly handle the login form, which allows remote authenticated users to acquire the identity of an arbitrary user via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34664",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34664"
},
{
"name": "plone-unspecified-session-hijacking(50061)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50061"
},
{
"name": "34840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34840"
},
{
"name": "http://plone.org/products/plone/security/advisories/cve-2009-0662",
"refsource": "CONFIRM",
"url": "http://plone.org/products/plone/security/advisories/cve-2009-0662"
},
{
"name": "53975",
"refsource": "OSVDB",
"url": "http://osvdb.org/53975"
}
]
}
}

530
2009/0xxx/CVE-2009-0800.json
View File

@ -1,267 +1,267 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=495887",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=495887"
},
{
"name" : "http://poppler.freedesktop.org/releases.html",
"refsource" : "CONFIRM",
"url" : "http://poppler.freedesktop.org/releases.html"
},
{
"name" : "DSA-1790",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1790"
},
{
"name" : "DSA-1793",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1793"
},
{
"name" : "FEDORA-2009-6973",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name" : "FEDORA-2009-6982",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name" : "FEDORA-2009-6972",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name" : "MDVSA-2009:101",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name" : "MDVSA-2010:087",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name" : "MDVSA-2011:175",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name" : "RHSA-2009:0430",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name" : "RHSA-2009:0429",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name" : "RHSA-2009:0431",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name" : "RHSA-2009:0458",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name" : "RHSA-2009:0480",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name" : "SSA:2009-129-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477"
},
{
"name" : "SUSE-SA:2009:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "VU#196617",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/196617"
},
{
"name" : "34568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34568"
},
{
"name" : "oval:org.mitre.oval:def:11323",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323"
},
{
"name" : "1022073",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022073"
},
{
"name" : "34755",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34755"
},
{
"name" : "34291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34291"
},
{
"name" : "34481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34481"
},
{
"name" : "34746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34746"
},
{
"name" : "34852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34852"
},
{
"name" : "34756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34756"
},
{
"name" : "34959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34959"
},
{
"name" : "34963",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34963"
},
{
"name" : "35037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35037"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
},
{
"name" : "34991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34991"
},
{
"name" : "35064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35064"
},
{
"name" : "35618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35618"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "ADV-2009-1065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name" : "ADV-2009-1066",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name" : "ADV-2009-1076",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name" : "ADV-2009-1077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name" : "ADV-2010-1040",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple \"input validation flaws\" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1793",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "35064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34481"
},
{
"name": "SSA:2009-129-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35618"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=495887",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495887"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "http://poppler.freedesktop.org/releases.html",
"refsource": "CONFIRM",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34959"
},
{
"name": "oval:org.mitre.oval:def:11323",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11323"
},
{
"name": "34746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
}

200
2009/1xxx/CVE-2009-1068.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090320 Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502016/100/0/threaded"
},
{
"name" : "8249",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8249"
},
{
"name" : "8251",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8251"
},
{
"name" : "http://retrogod.altervista.org/9sg_bsplayer_seh.html",
"refsource" : "MISC",
"url" : "http://retrogod.altervista.org/9sg_bsplayer_seh.html"
},
{
"name" : "34190",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34190"
},
{
"name" : "52841",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52841"
},
{
"name" : "34412",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34412"
},
{
"name" : "ADV-2009-0800",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0800"
},
{
"name" : "bsplayer-bsl-bo(49342)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49342"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://retrogod.altervista.org/9sg_bsplayer_seh.html",
"refsource": "MISC",
"url": "http://retrogod.altervista.org/9sg_bsplayer_seh.html"
},
{
"name": "bsplayer-bsl-bo(49342)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49342"
},
{
"name": "34412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34412"
},
{
"name": "8251",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8251"
},
{
"name": "ADV-2009-0800",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0800"
},
{
"name": "20090320 Bs.Player <= 2.34 Build 980 (.bsl) local buffer overflow 0day exploit (seh)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502016/100/0/threaded"
},
{
"name": "8249",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8249"
},
{
"name": "52841",
"refsource": "OSVDB",
"url": "http://osvdb.org/52841"
},
{
"name": "34190",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34190"
}
]
}
}

430
2009/1xxx/CVE-2009-1169.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.zdnet.com/security/?p=3013",
"refsource" : "MISC",
"url" : "http://blogs.zdnet.com/security/?p=3013"
},
{
"name" : "8285",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8285"
},
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=460090",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=460090"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=485217",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=485217"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=485286",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=485286"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm"
},
{
"name" : "DSA-1756",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1756"
},
{
"name" : "FEDORA-2009-3101",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"name" : "FEDORA-2009-3099",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html"
},
{
"name" : "FEDORA-2009-3100",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html"
},
{
"name" : "MDVSA-2009:084",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084"
},
{
"name" : "RHSA-2009:0397",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0397.html"
},
{
"name" : "RHSA-2009:0398",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0398.html"
},
{
"name" : "SUSE-SA:2009:022",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html"
},
{
"name" : "SUSE-SA:2009:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html"
},
{
"name" : "USN-745-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-745-1"
},
{
"name" : "34235",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34235"
},
{
"name" : "oval:org.mitre.oval:def:11372",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372"
},
{
"name" : "1021939",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021939"
},
{
"name" : "34471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34471"
},
{
"name" : "34527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34527"
},
{
"name" : "34549",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34549"
},
{
"name" : "34550",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34550"
},
{
"name" : "34505",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34505"
},
{
"name" : "34486",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34486"
},
{
"name" : "34510",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34510"
},
{
"name" : "34511",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34511"
},
{
"name" : "34521",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34521"
},
{
"name" : "34792",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34792"
},
{
"name" : "ADV-2009-0853",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0853"
},
{
"name" : "mozilla-xslt-code-execution(49439)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49439"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2009:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html"
},
{
"name": "mozilla-xslt-code-execution(49439)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49439"
},
{
"name": "34510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34510"
},
{
"name": "8285",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8285"
},
{
"name": "FEDORA-2009-3101",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-12.html"
},
{
"name": "34511",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34511"
},
{
"name": "MDVSA-2009:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:084"
},
{
"name": "RHSA-2009:0397",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0397.html"
},
{
"name": "SUSE-SA:2009:022",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00008.html"
},
{
"name": "1021939",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021939"
},
{
"name": "34505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34505"
},
{
"name": "34521",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34521"
},
{
"name": "RHSA-2009:0398",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0398.html"
},
{
"name": "34486",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34486"
},
{
"name": "34471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34471"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=485286",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=485286"
},
{
"name": "USN-745-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-745-1"
},
{
"name": "34527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34527"
},
{
"name": "34235",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34235"
},
{
"name": "DSA-1756",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1756"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=460090",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=460090"
},
{
"name": "ADV-2009-0853",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0853"
},
{
"name": "34792",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34792"
},
{
"name": "http://blogs.zdnet.com/security/?p=3013",
"refsource": "MISC",
"url": "http://blogs.zdnet.com/security/?p=3013"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=485217",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=485217"
},
{
"name": "FEDORA-2009-3100",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01040.html"
},
{
"name": "34549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34549"
},
{
"name": "34550",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34550"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-113.htm"
},
{
"name": "oval:org.mitre.oval:def:11372",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11372"
},
{
"name": "FEDORA-2009-3099",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01023.html"
}
]
}
}

170
2009/1xxx/CVE-2009-1476.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1476",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter (aka IP Filter) 4.1.31 allows local users to gain privileges via vectors involving a long hostname in a URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1476",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090522 IPFilter (ippool) 4.1.31 lib/load_http.c buffer overflow",
"refsource" : "SREASONRES",
"url" : "http://securityreason.com/achievement_securityalert/62"
},
{
"name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c",
"refsource" : "CONFIRM",
"url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c"
},
{
"name" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c.diff?r1=1.1&r2=1.2&f=h",
"refsource" : "CONFIRM",
"url" : "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c.diff?r1=1.1&r2=1.2&f=h"
},
{
"name" : "35076",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35076"
},
{
"name" : "1022272",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022272"
},
{
"name" : "ipfilter-loadhttp-bo(50716)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50716"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter (aka IP Filter) 4.1.31 allows local users to gain privileges via vectors involving a long hostname in a URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35076",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35076"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c"
},
{
"name": "1022272",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022272"
},
{
"name": "ipfilter-loadhttp-bo(50716)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50716"
},
{
"name": "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c.diff?r1=1.1&r2=1.2&f=h",
"refsource": "CONFIRM",
"url": "http://cvsweb.netbsd.org/bsdweb.cgi/src/dist/ipf/lib/load_http.c.diff?r1=1.1&r2=1.2&f=h"
},
{
"name": "20090522 IPFilter (ippool) 4.1.31 lib/load_http.c buffer overflow",
"refsource": "SREASONRES",
"url": "http://securityreason.com/achievement_securityalert/62"
}
]
}
}

140
2009/1xxx/CVE-2009-1852.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1852",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8803",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8803"
},
{
"name" : "35096",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35096"
},
{
"name" : "myforum-username-sql-injection(50749)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50749"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8803",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8803"
},
{
"name": "myforum-username-sql-injection(50749)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50749"
},
{
"name": "35096",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35096"
}
]
}
}

140
2009/1xxx/CVE-2009-1936.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1936",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1936",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8790",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8790"
},
{
"name" : "35103",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35103"
},
{
"name" : "35245",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35245"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8790",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8790"
},
{
"name": "35103",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35103"
},
{
"name": "35245",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35245"
}
]
}
}

170
2009/1xxx/CVE-2009-1985.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name" : "TA09-294A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name" : "36745",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36745"
},
{
"name" : "59111",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/59111"
},
{
"name" : "1023057",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023057"
},
{
"name" : "37027",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36745"
},
{
"name": "37027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37027"
},
{
"name": "1023057",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023057"
},
{
"name": "TA09-294A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name": "59111",
"refsource": "OSVDB",
"url": "http://osvdb.org/59111"
}
]
}
}

200
2009/4xxx/CVE-2009-4298.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4298",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4298",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"
},
{
"name" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes",
"refsource" : "CONFIRM",
"url" : "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"
},
{
"name" : "http://moodle.org/mod/forum/discuss.php?d=139102",
"refsource" : "CONFIRM",
"url" : "http://moodle.org/mod/forum/discuss.php?d=139102"
},
{
"name" : "FEDORA-2009-13040",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"
},
{
"name" : "FEDORA-2009-13065",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"
},
{
"name" : "FEDORA-2009-13080",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"
},
{
"name" : "37244",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37244"
},
{
"name" : "37614",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37614"
},
{
"name" : "ADV-2009-3455",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3455"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Moodle_1.9.7_release_notes"
},
{
"name": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes",
"refsource": "CONFIRM",
"url": "http://docs.moodle.org/en/Moodle_1.8.11_release_notes"
},
{
"name": "ADV-2009-3455",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3455"
},
{
"name": "37614",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37614"
},
{
"name": "FEDORA-2009-13065",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00730.html"
},
{
"name": "FEDORA-2009-13040",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00704.html"
},
{
"name": "http://moodle.org/mod/forum/discuss.php?d=139102",
"refsource": "CONFIRM",
"url": "http://moodle.org/mod/forum/discuss.php?d=139102"
},
{
"name": "FEDORA-2009-13080",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00751.html"
},
{
"name": "37244",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37244"
}
]
}
}

160
2009/4xxx/CVE-2009-4437.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt"
},
{
"name" : "10520",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10520"
},
{
"name" : "37401",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37401"
},
{
"name" : "14839",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14839"
},
{
"name" : "activeauctionhouse-links-sql-injection(54891)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt"
},
{
"name": "activeauctionhouse-links-sql-injection(54891)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54891"
},
{
"name": "37401",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37401"
},
{
"name": "10520",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10520"
},
{
"name": "14839",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14839"
}
]
}
}

140
2009/4xxx/CVE-2009-4844.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4844",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4844",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
},
{
"name" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt",
"refsource" : "MISC",
"url" : "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"
},
{
"name" : "virtualiq-statusuri-information-disclosure(58576)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/58576"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to the /status URI on port 9080, which allows remote attackers to obtain sensitive Tomcat information via a direct request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "virtualiq-statusuri-information-disclosure(58576)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58576"
},
{
"name": "20091107 ToutVirtual VirtualIQ Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507729/100/0/threaded"
},
{
"name": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt",
"refsource": "MISC",
"url": "http://www.securenetwork.it/ricerca/advisory/download/SN-2009-02.txt"
}
]
}
}

120
2009/4xxx/CVE-2009-4894.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4894",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4894",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://punbb.informer.com/forums/topic/21669/punbb-134/",
"refsource" : "CONFIRM",
"url" : "http://punbb.informer.com/forums/topic/21669/punbb-134/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in profile.php in PunBB before 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) password or (2) e-mail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://punbb.informer.com/forums/topic/21669/punbb-134/",
"refsource": "CONFIRM",
"url": "http://punbb.informer.com/forums/topic/21669/punbb-134/"
}
]
}
}

260
2012/2xxx/CVE-2012-2137.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2137",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2137",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html",
"refsource" : "MISC",
"url" : "http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=816151",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=816151"
},
{
"name" : "HPSBGN02970",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
},
{
"name" : "RHSA-2012:0743",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0743.html"
},
{
"name" : "openSUSE-SU-2013:0925",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"name" : "USN-1529-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1529-1"
},
{
"name" : "USN-1607-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1607-1"
},
{
"name" : "USN-1594-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1594-1"
},
{
"name" : "USN-1606-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1606-1"
},
{
"name" : "USN-1609-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1609-1"
},
{
"name" : "54063",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54063"
},
{
"name" : "50952",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50952"
},
{
"name" : "50961",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50961"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=816151",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=816151"
},
{
"name": "RHSA-2012:0743",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html"
},
{
"name": "USN-1606-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1606-1"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24"
},
{
"name": "USN-1594-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1594-1"
},
{
"name": "50961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50961"
},
{
"name": "USN-1607-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1607-1"
},
{
"name": "USN-1609-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1609-1"
},
{
"name": "USN-1529-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1529-1"
},
{
"name": "http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html",
"refsource": "MISC",
"url": "http://ubuntu.5.n6.nabble.com/PATCH-Oneiric-CVE-2012-2137-KVM-Fix-buffer-overflow-in-kvm-set-irq-td4990566.html"
},
{
"name": "openSUSE-SU-2013:0925",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f2ebd422f71cda9c791f76f85d2ca102ae34a1ed"
},
{
"name": "50952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50952"
},
{
"name": "HPSBGN02970",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139447903326211&w=2"
},
{
"name": "54063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54063"
}
]
}
}

34
2012/2xxx/CVE-2012-2256.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2256",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-2256",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

230
2012/2xxx/CVE-2012-2392.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-08.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-08.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124"
},
{
"name" : "MDVSA-2012:015",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:015"
},
{
"name" : "MDVSA-2012:042",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042"
},
{
"name" : "MDVSA-2012:080",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080"
},
{
"name" : "oval:org.mitre.oval:def:15604",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15604"
},
{
"name" : "1027094",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027094"
},
{
"name" : "49226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote attackers to cause a denial of service (infinite loop) via vectors related to the (1) ANSI MAP, (2) ASF, (3) IEEE 802.11, (4) IEEE 802.3, and (5) LTP dissectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2012:015",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:015"
},
{
"name": "1027094",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027094"
},
{
"name": "MDVSA-2012:042",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042"
},
{
"name": "oval:org.mitre.oval:def:15604",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15604"
},
{
"name": "49226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49226"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805"
},
{
"name": "MDVSA-2012:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2012-08.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-08.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118"
}
]
}
}

120
2012/2xxx/CVE-2012-2985.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#247235",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/247235"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in CuteSoft Cute Editor 6.4 allows remote authenticated users to inject arbitrary web script or HTML via the _UploadID parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#247235",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/247235"
}
]
}
}

140
2012/3xxx/CVE-2012-3205.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "56034",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56034",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56034"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/3xxx/CVE-2012-3300.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-3300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21610909",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21610909"
},
{
"name" : "JR42771",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR42771"
},
{
"name" : "websphere-commerce-personalizationid-dos(77382)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77382"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions and personalization IDs are enabled, allows remote attackers to cause a denial of service (resource consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21610909",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21610909"
},
{
"name": "JR42771",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR42771"
},
{
"name": "websphere-commerce-personalizationid-dos(77382)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77382"
}
]
}
}

34
2012/6xxx/CVE-2012-6410.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6410",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6410",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

170
2012/6xxx/CVE-2012-6620.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[announce] 20120514 Kronolith H4 (3.0.17) (final)",
"refsource" : "MLIST",
"url" : "http://lists.horde.org/archives/announce/2012/000766.html"
},
{
"name" : "http://bugs.horde.org/ticket/11189",
"refsource" : "MISC",
"url" : "http://bugs.horde.org/ticket/11189"
},
{
"name" : "https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2",
"refsource" : "CONFIRM",
"url" : "https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2"
},
{
"name" : "53731",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53731"
},
{
"name" : "49147",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49147"
},
{
"name" : "kronolith-kronolith-xss(75563)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75563"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks and (2) search views in Horde Kronolith H4 before 3.0.17 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49147",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49147"
},
{
"name": "http://bugs.horde.org/ticket/11189",
"refsource": "MISC",
"url": "http://bugs.horde.org/ticket/11189"
},
{
"name": "53731",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53731"
},
{
"name": "https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2",
"refsource": "CONFIRM",
"url": "https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2"
},
{
"name": "[announce] 20120514 Kronolith H4 (3.0.17) (final)",
"refsource": "MLIST",
"url": "http://lists.horde.org/archives/announce/2012/000766.html"
},
{
"name": "kronolith-kronolith-xss(75563)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75563"
}
]
}
}

170
2012/6xxx/CVE-2012-6701.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6701",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2012-6701",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20160302 Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2016/03/02/9"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1314288",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1314288"
},
{
"name" : "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"name" : "RHSA-2018:1854",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1854"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1314288",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1314288"
},
{
"name": "RHSA-2018:1854",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1854"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.1"
},
{
"name": "[oss-security] 20160302 Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/03/02/9"
}
]
}
}

150
2015/1xxx/CVE-2015-1489.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1489",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@symantec.com",
"ID": "CVE-2015-1489",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37812",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37812/"
},
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00"
},
{
"name" : "76078",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76078"
},
{
"name" : "1033165",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033165"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console in Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows remote authenticated users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37812",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37812/"
},
{
"name": "76078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76078"
},
{
"name": "1033165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033165"
},
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20150730_00"
}
]
}
}

140
2015/5xxx/CVE-2015-5245.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5245",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5245",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Ceph-announce] 20151019 v0.94.4 Hammer released",
"refsource" : "MLIST",
"url" : "http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html"
},
{
"name" : "http://tracker.ceph.com/issues/12537",
"refsource" : "CONFIRM",
"url" : "http://tracker.ceph.com/issues/12537"
},
{
"name" : "RHSA-2015:2512",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2015:2512"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw or RGW) in Ceph before 0.94.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted bucket name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tracker.ceph.com/issues/12537",
"refsource": "CONFIRM",
"url": "http://tracker.ceph.com/issues/12537"
},
{
"name": "RHSA-2015:2512",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:2512"
},
{
"name": "[Ceph-announce] 20151019 v0.94.4 Hammer released",
"refsource": "MLIST",
"url": "http://lists.ceph.com/pipermail/ceph-announce-ceph.com/2015-October/000034.html"
}
]
}
}

350
2015/5xxx/CVE-2015-5252.json
View File

@ -1,177 +1,177 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5252",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5252",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1290288",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1290288"
},
{
"name" : "https://git.samba.org/?p=samba.git;a=commit;h=4278ef25f64d5fdbf432ff1534e275416ec9561e",
"refsource" : "CONFIRM",
"url" : "https://git.samba.org/?p=samba.git;a=commit;h=4278ef25f64d5fdbf432ff1534e275416ec9561e"
},
{
"name" : "https://www.samba.org/samba/security/CVE-2015-5252.html",
"refsource" : "CONFIRM",
"url" : "https://www.samba.org/samba/security/CVE-2015-5252.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name" : "DSA-3433",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3433"
},
{
"name" : "FEDORA-2015-0e0879cc8a",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html"
},
{
"name" : "FEDORA-2015-b36076d32e",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html"
},
{
"name" : "GLSA-201612-47",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201612-47"
},
{
"name" : "SUSE-SU-2016:1105",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html"
},
{
"name" : "openSUSE-SU-2016:1064",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"
},
{
"name" : "openSUSE-SU-2016:1106",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"
},
{
"name" : "openSUSE-SU-2016:1107",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"
},
{
"name" : "SUSE-SU-2015:2304",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html"
},
{
"name" : "SUSE-SU-2015:2305",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html"
},
{
"name" : "SUSE-SU-2016:0032",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html"
},
{
"name" : "openSUSE-SU-2015:2354",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html"
},
{
"name" : "openSUSE-SU-2015:2356",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html"
},
{
"name" : "SUSE-SU-2016:0164",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html"
},
{
"name" : "USN-2855-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2855-2"
},
{
"name" : "USN-2855-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2855-1"
},
{
"name" : "79733",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79733"
},
{
"name" : "1034493",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034493"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, when share names with certain substring relationships exist, allows remote attackers to bypass intended file-access restrictions via a symlink that points outside of a share."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79733",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79733"
},
{
"name": "FEDORA-2015-0e0879cc8a",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174391.html"
},
{
"name": "openSUSE-SU-2016:1064",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"
},
{
"name": "USN-2855-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2855-2"
},
{
"name": "SUSE-SU-2016:0032",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html"
},
{
"name": "SUSE-SU-2015:2304",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "SUSE-SU-2015:2305",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1290288",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1290288"
},
{
"name": "SUSE-SU-2016:0164",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html"
},
{
"name": "openSUSE-SU-2015:2354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html"
},
{
"name": "SUSE-SU-2016:1105",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00046.html"
},
{
"name": "FEDORA-2015-b36076d32e",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174076.html"
},
{
"name": "openSUSE-SU-2016:1106",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05115993"
},
{
"name": "https://git.samba.org/?p=samba.git;a=commit;h=4278ef25f64d5fdbf432ff1534e275416ec9561e",
"refsource": "CONFIRM",
"url": "https://git.samba.org/?p=samba.git;a=commit;h=4278ef25f64d5fdbf432ff1534e275416ec9561e"
},
{
"name": "1034493",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034493"
},
{
"name": "DSA-3433",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3433"
},
{
"name": "openSUSE-SU-2016:1107",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html"
},
{
"name": "GLSA-201612-47",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201612-47"
},
{
"name": "https://www.samba.org/samba/security/CVE-2015-5252.html",
"refsource": "CONFIRM",
"url": "https://www.samba.org/samba/security/CVE-2015-5252.html"
},
{
"name": "USN-2855-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2855-1"
},
{
"name": "openSUSE-SU-2015:2356",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html"
}
]
}
}

200
2015/5xxx/CVE-2015-5810.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5810",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205221",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205221"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-16-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "openSUSE-SU-2016:0761",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
},
{
"name" : "76763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76763"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT205221",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205221"
},
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76763"
},
{
"name": "openSUSE-SU-2016:0761",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00054.html"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

190
2015/5xxx/CVE-2015-5916.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5916",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5916",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205213",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205213"
},
{
"name" : "https://support.apple.com/HT205378",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205378"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-21-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name" : "APPLE-SA-2015-10-21-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html"
},
{
"name" : "76764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76764"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apple Pay component in Apple iOS before 9 allows remote terminals to obtain sensitive recent-transaction information during payments by leveraging the transaction-log feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "APPLE-SA-2015-10-21-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Oct/msg00003.html"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "https://support.apple.com/HT205378",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205378"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

150
2015/5xxx/CVE-2015-5948.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5948",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150806 Re: CVE Request: SuiteCRM Post-Auth Race Condition Shell Upload Remote Code Execution.",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/06/6"
},
{
"name" : "https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5",
"refsource" : "MISC",
"url" : "https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5"
},
{
"name" : "https://github.com/XiphosResearch/exploits/tree/master/suiteshell",
"refsource" : "CONFIRM",
"url" : "https://github.com/XiphosResearch/exploits/tree/master/suiteshell"
},
{
"name" : "https://github.com/salesagility/SuiteCRM/issues/333",
"refsource" : "CONFIRM",
"url" : "https://github.com/salesagility/SuiteCRM/issues/333"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary code. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-5947."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150806 Re: CVE Request: SuiteCRM Post-Auth Race Condition Shell Upload Remote Code Execution.",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/06/6"
},
{
"name": "https://github.com/salesagility/SuiteCRM/issues/333",
"refsource": "CONFIRM",
"url": "https://github.com/salesagility/SuiteCRM/issues/333"
},
{
"name": "https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5",
"refsource": "MISC",
"url": "https://github.com/salesagility/SuiteCRM/commit/b1b3fd61c7697ad2073cd253d31c9462929e7bb5"
},
{
"name": "https://github.com/XiphosResearch/exploits/tree/master/suiteshell",
"refsource": "CONFIRM",
"url": "https://github.com/XiphosResearch/exploits/tree/master/suiteshell"
}
]
}
}

150
2018/11xxx/CVE-2018-11046.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2018-06-20T04:00:00.000Z",
"ID" : "CVE-2018-11046",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Operations Manager",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "2.1.x",
"version_value" : "2.1.6"
},
{
"affected" : "=",
"version_value" : "2.0.14"
}
]
}
}
]
},
"vendor_name" : "Pivotal"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "unpatched vulnerabilities "
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-06-20T04:00:00.000Z",
"ID": "CVE-2018-11046",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Operations Manager",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.1.x",
"version_value": "2.1.6"
},
{
"affected": "=",
"version_value": "2.0.14"
}
]
}
}
]
},
"vendor_name": "Pivotal"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2018-11046",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2018-11046"
},
{
"name" : "104545",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104545"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pivotal Operations Manager, versions 2.1.x prior to 2.1.6 and version 2.0.14, includes NGINX packages that lacks security vulnerability patches. An attacker with access to the NGINX processes and knowledge of how to exploit the unpatched vulnerabilities may be able to impact Operations Manager"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "unpatched vulnerabilities "
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104545",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104545"
},
{
"name": "https://pivotal.io/security/cve-2018-11046",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2018-11046"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

130
2018/11xxx/CVE-2018-11095.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://docs.google.com/document/d/13xJhiIgDbqYwmR4j7aGEbKUU8KDl195mkw4rcvhT4J8/edit?usp=sharing",
"refsource" : "MISC",
"url" : "https://docs.google.com/document/d/13xJhiIgDbqYwmR4j7aGEbKUU8KDl195mkw4rcvhT4J8/edit?usp=sharing"
},
{
"name" : "https://github.com/libming/libming/issues/141",
"refsource" : "MISC",
"url" : "https://github.com/libming/libming/issues/141"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The decompileJUMP function in decompile.c in libming through 0.4.8 mishandles cases where the header indicates a file size greater than the actual size, which allows remote attackers to cause a denial of service (Segmentation fault and application crash) or possibly have unspecified other impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.google.com/document/d/13xJhiIgDbqYwmR4j7aGEbKUU8KDl195mkw4rcvhT4J8/edit?usp=sharing",
"refsource": "MISC",
"url": "https://docs.google.com/document/d/13xJhiIgDbqYwmR4j7aGEbKUU8KDl195mkw4rcvhT4J8/edit?usp=sharing"
},
{
"name": "https://github.com/libming/libming/issues/141",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/141"
}
]
}
}

160
2018/11xxx/CVE-2018-11531.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html"
},
{
"name" : "https://github.com/Exiv2/exiv2/issues/283",
"refsource" : "CONFIRM",
"url" : "https://github.com/Exiv2/exiv2/issues/283"
},
{
"name" : "DSA-4238",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4238"
},
{
"name" : "GLSA-201811-14",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201811-14"
},
{
"name" : "USN-3700-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3700-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Exiv2/exiv2/issues/283",
"refsource": "CONFIRM",
"url": "https://github.com/Exiv2/exiv2/issues/283"
},
{
"name": "USN-3700-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3700-1/"
},
{
"name": "DSA-4238",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4238"
},
{
"name": "GLSA-201811-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201811-14"
},
{
"name": "[debian-lts-announce] 20180628 [SECURITY] [DLA 1402-1] exiv2 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00010.html"
}
]
}
}

132
2018/11xxx/CVE-2018-11793.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2019-03-04T00:00:00",
"ID" : "CVE-2018-11793",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Mesos",
"version" : {
"version_data" : [
{
"version_value" : "Apache Mesos pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, 1.7.0"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2019-03-04T00:00:00",
"ID": "CVE-2018-11793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Mesos",
"version": {
"version_data": [
{
"version_value": "Apache Mesos pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, 1.7.0"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E",
"refsource" : "MISC",
"url" : "https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E"
},
{
"name" : "107281",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/107281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When parsing a JSON payload with deeply nested JSON structures, the parser in Apache Mesos versions pre-1.4.x, 1.4.0 to 1.4.2, 1.5.0 to 1.5.1, 1.6.0 to 1.6.1, and 1.7.0 might overflow the stack due to unbounded recursion. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "107281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/107281"
},
{
"name": "https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/9be975c53e5ad612c7e0af39f5b88837fbfbc32108e587d3d8499844@%3Cdev.mesos.apache.org%3E"
}
]
}
}

34
2018/11xxx/CVE-2018-11809.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11809",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11809",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/11xxx/CVE-2018-11827.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Validation of Array Index in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4c74687be66c19be0b9bd83d78d033dff5d1a9ae",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4c74687be66c19be0b9bd83d78d033dff5d1a9ae"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Array Index in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4c74687be66c19be0b9bd83d78d033dff5d1a9ae",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4c74687be66c19be0b9bd83d78d033dff5d1a9ae"
}
]
}
}

130
2018/15xxx/CVE-2018-15139.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15139",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15139",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource" : "MISC",
"url" : "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name" : "https://github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3dc5485",
"refsource" : "CONFIRM",
"url" : "https://github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3dc5485"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload in interface/super/manage_site_files.php in versions of OpenEMR before 5.0.1.4 allows a remote authenticated attacker to execute arbitrary PHP code by uploading a file with a PHP extension via the images upload form and accessing it in the images directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/",
"refsource": "MISC",
"url": "https://www.databreaches.net/openemr-patches-serious-vulnerabilities-uncovered-by-project-insecurity/"
},
{
"name": "https://github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3dc5485",
"refsource": "CONFIRM",
"url": "https://github.com/openemr/openemr/pull/1757/commits/c2808a0493243f618bbbb3459af23c7da3dc5485"
}
]
}
}

130
2018/15xxx/CVE-2018-15985.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@adobe.com",
"ID" : "CVE-2018-15985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2018-15985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
},
{
"name" : "106162",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106162"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Acrobat and Reader versions 2019.008.20081 and earlier, 2019.008.20080 and earlier, 2019.008.20081 and earlier, 2017.011.30106 and earlier version, 2017.011.30105 and earlier version, 2015.006.30457 and earlier, and 2015.006.30456 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106162",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106162"
},
{
"name": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/acrobat/apsb18-41.html"
}
]
}
}

142
2018/3xxx/CVE-2018-3068.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3068",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise HCM Human Resources",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "9.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Compensation). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3068",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise HCM Human Resources",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "9.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104832",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104832"
},
{
"name" : "1041306",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041306"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise HCM Human Resources component of Oracle PeopleSoft Products (subcomponent: Compensation). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise HCM Human Resources. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise HCM Human Resources, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Human Resources accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise HCM Human Resources accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104832",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104832"
},
{
"name": "1041306",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041306"
}
]
}
}

34
2018/8xxx/CVE-2018-8630.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8630",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8630",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

152
2018/8xxx/CVE-2018-8785.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@checkpoint.com",
"DATE_PUBLIC" : "2018-10-22T00:00:00",
"ID" : "CVE-2018-8785",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FreeRDP",
"version" : {
"version_data" : [
{
"version_value" : "All versions prior to 2.0.0-rc4"
}
]
}
}
]
},
"vendor_name" : "Check Point Software Technologies Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC": "2018-10-22T00:00:00",
"ID": "CVE-2018-8785",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FreeRDP",
"version": {
"version_data": [
{
"version_value": "All versions prior to 2.0.0-rc4"
}
]
}
}
]
},
"vendor_name": "Check Point Software Technologies Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d",
"refsource" : "CONFIRM",
"url" : "https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d"
},
{
"name" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource" : "CONFIRM",
"url" : "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
},
{
"name" : "USN-3845-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3845-1/"
},
{
"name" : "106938",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106938"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FreeRDP prior to version 2.0.0-rc4 contains a Heap-Based Buffer Overflow in function zgfx_decompress() that results in a memory corruption and probably even a remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106938",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106938"
},
{
"name": "https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d",
"refsource": "CONFIRM",
"url": "https://github.com/FreeRDP/FreeRDP/commit/602f4a2e14b41703b5f431de3154cd46a5750a2d"
},
{
"name": "USN-3845-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3845-1/"
},
{
"name": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/",
"refsource": "CONFIRM",
"url": "https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/"
}
]
}
}

120
2018/8xxx/CVE-2018-8895.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8895",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8895",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/2345DumpBlock.sys-0x00222040",
"refsource" : "MISC",
"url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/2345DumpBlock.sys-0x00222040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222040."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/2345DumpBlock.sys-0x00222040",
"refsource": "MISC",
"url": "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/2345DumpBlock.sys-0x00222040"
}
]
}
}

34
2018/8xxx/CVE-2018-8956.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8956",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8956",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}