"-Synchronized-Data."

CVE Team 2019-03-18 07:07:01 +00:00
parent 0ee4edbcd3
commit 53dfb2fc83
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
54 changed files with 3982 additions and 3982 deletions


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1174", "ID": "CVE-2000-1174",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html" "lang": "eng",
}, "value": "Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username."
{ }
"name" : "20001121 ethereal: remote exploit", ]
"refsource" : "DEBIAN", },
"url" : "http://www.debian.org/security/2000/20001122a" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "CLSA-2000:342", "description": [
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2000:116", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2000-116.html" ]
}, },
{ "references": {
"name" : "FreeBSD-SA-00:81", "reference_data": [
"refsource" : "FREEBSD", {
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc" "name": "20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug",
}, "refsource": "BUGTRAQ",
{ "url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html"
"name" : "ethereal-afs-bo(5557)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5557" "name": "20001121 ethereal: remote exploit",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2000/20001122a"
"name" : "1972", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/1972" "name": "FreeBSD-SA-00:81",
} "refsource": "FREEBSD",
] "url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc"
} },
{
"name": "ethereal-afs-bo(5557)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5557"
},
{
"name": "CLSA-2000:342",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342"
},
{
"name": "1972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1972"
},
{
"name": "RHSA-2000:116",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-116.html"
}
]
}
} }
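Review bot: The `reference_data` array in this record is reordered (reading the left column as old and the right as new, CONECTIVA and REDHAT move below FREEBSD and XF) while the set of seven references stays the same, so the colon-spacing cleanup is mixed with ordering churn. Array order is significant in JSON, and tooling that diffs, hashes or deduplicates records will report every one of these entries as modified. Emitting references in a stable order, for instance sorted by `refsource` then `name`, would keep later syncs reviewable. The same reordering appears in the CVE-2005-0149, CVE-2005-0484, CVE-2005-2409, CVE-2005-2817, CVE-2005-2967, CVE-2005-4038 and CVE-2005-4213 sections.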


@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0149", "ID": "CVE-2005-0149",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/mfsa2005-11.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/mfsa2005-11.html" "lang": "eng",
}, "value": "Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=268107", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=268107" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2005:094", "description": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-094.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2005:323", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2005-323.html" ]
}, },
{ "references": {
"name" : "RHSA-2005:335", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-335.html" "name": "RHSA-2005:323",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-323.html"
"name" : "SUSE-SA:2006:022", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html" "name": "12407",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12407"
"name" : "12407", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12407" "name": "oval:org.mitre.oval:def:100047",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047"
"name" : "oval:org.mitre.oval:def:100047", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100047" "name": "RHSA-2005:335",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-335.html"
"name" : "oval:org.mitre.oval:def:11407", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407" "name": "19823",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19823"
"name" : "19823", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19823" "name": "http://www.mozilla.org/security/announce/mfsa2005-11.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/mfsa2005-11.html"
"name" : "mozilla-cookie-policy-bypass(19172)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=268107",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=268107"
} },
{
"name": "RHSA-2005:094",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-094.html"
},
{
"name": "oval:org.mitre.oval:def:11407",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11407"
},
{
"name": "SUSE-SA:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name": "mozilla-cookie-policy-bypass(19172)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19172"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0484", "ID": "CVE-2005-0484",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "GLSA-200502-26", "description_data": [
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200502-26.xml" "lang": "eng",
}, "value": "Format string vulnerability in gprostats for GProFTPD before 8.1.9 may allow remote attackers to execute arbitrary code via an FTP transfer with a crafted filename that causes format string specifiers to be inserted into the ProFTPD transfer log."
{ }
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=81894", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=81894" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=81894",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=81894"
},
{
"name": "GLSA-200502-26",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200502-26.xml"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2185", "ID": "CVE-2005-2185",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050706 eRoom Multiple Security Issues", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112069267700034&w=2" "lang": "eng",
} "value": "eRoom does not set an expiration for Cookies, which allows remote attackers to capture cookies and conduct replay attacks."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050706 eRoom Multiple Security Issues",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112069267700034&w=2"
}
]
}
} }


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2409", "ID": "CVE-2005-2409",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt" "lang": "eng",
}, "value": "Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call."
{ }
"name" : "http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14441", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14441" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16279", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/16279" ]
}, },
{ "references": {
"name" : "16324", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16324" "name": "http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.vuxml.org/freebsd/debbb39c-fdb3-11d9-a30d-00b0d09acbfc.html"
"name" : "nbsmtp-format-string(21674)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21674" "name": "16324",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/16324"
} },
{
"name": "nbsmtp-format-string(21674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21674"
},
{
"name": "http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt",
"refsource": "MISC",
"url": "http://people.freebsd.org/~niels/issues/nbsmtp-20050726.txt"
},
{
"name": "14441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14441"
},
{
"name": "16279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16279"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2817", "ID": "CVE-2005-2817",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050831 Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://seclists.org/lists/bugtraq/2005/Aug/0438.html" "lang": "eng",
}, "value": "Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server."
{ }
"name" : "http://rgod.altervista.org/smf105.html", ]
"refsource" : "MISC", },
"url" : "http://rgod.altervista.org/smf105.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1014828", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014828" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16646", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/16646" ]
}, },
{ "references": {
"name" : "smf-avatar-image-information-disclosure(22093)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22093" "name": "1014828",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1014828"
} },
{
"name": "smf-avatar-image-information-disclosure(22093)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22093"
},
{
"name": "20050831 Simple Machine Forum 1-0-5 (possibly prior versions) user IP address / information disclosure",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/lists/bugtraq/2005/Aug/0438.html"
},
{
"name": "16646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16646"
},
{
"name": "http://rgod.altervista.org/smf105.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/smf105.html"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-2965", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-2965",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2005-4802 and CVE-2005-4803 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should consult CVE-2005-4802 and CVE-2005-4803 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }
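Review bot: This rejected record is written with a different key order from the other files in the commit: `data_type`, `data_format` and `data_version` come first and `ID` precedes `ASSIGNER` inside `CVE_data_meta`, whereas the other visible sections keep `CVE_data_meta` first with `ASSIGNER` before `ID`. Key order carries no meaning in JSON, but two layouts in one sync suggest two different writers, and anything that compares or signs records byte-for-byte will see spurious differences. Passing every record through one serializer with a fixed key order would avoid that.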


@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-2967", "ID": "CVE-2005-2967",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051008 xine/gxine CD Player Remote Format String Bug", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html" "lang": "eng",
}, "value": "Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD."
{ }
"name" : "http://xinehq.de/index.php/security/XSA-2005-1", ]
"refsource" : "CONFIRM", },
"url" : "http://xinehq.de/index.php/security/XSA-2005-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-863", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-863" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200510-08", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml" ]
}, },
{ "references": {
"name" : "MDKSA-2005:180", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180" "name": "15044",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15044"
"name" : "SSA:2005-283-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454" "name": "17132",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17132"
"name" : "SUSE-SR:2005:024", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2005_24_sr.html" "name": "MDKSA-2005:180",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:180"
"name" : "USN-196-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/usn-196-1" "name": "17282",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17282"
"name" : "15044", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15044" "name": "17097",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17097"
"name" : "19892", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19892" "name": "19892",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/19892"
"name" : "17099", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17099/" "name": "SSA:2005-283-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.415454"
"name" : "17132", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17132" "name": "http://xinehq.de/index.php/security/XSA-2005-1",
}, "refsource": "CONFIRM",
{ "url": "http://xinehq.de/index.php/security/XSA-2005-1"
"name" : "17162", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17162" "name": "DSA-863",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-863"
"name" : "17179", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17179" "name": "20051008 xine/gxine CD Player Remote Format String Bug",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0196.html"
"name" : "17097", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17097" "name": "SUSE-SR:2005:024",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2005_24_sr.html"
"name" : "17111", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17111" "name": "17111",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17111"
"name" : "17282", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17282" "name": "GLSA-200510-08",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200510-08.xml"
"name" : "xinelib-inputcdda-format-string(22545)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545" "name": "USN-196-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/usn-196-1"
} },
{
"name": "17179",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17179"
},
{
"name": "17162",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17162"
},
{
"name": "17099",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17099/"
},
{
"name": "xinelib-inputcdda-format-string(22545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22545"
}
]
}
} }
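Review bot: `ASSIGNER` changes from `cve@mitre.org` to `security@debian.org` at the top of this record, and as far as the visible sections show it is the only value that changes; neither the commit title nor the surrounding whitespace and reference-order churn calls it out. Downstream consumers use the assigner field to attribute a record to a CNA, so the change deserves its own line in the commit description, e.g. `CVE-2005-2967: ASSIGNER cve@mitre.org -> security@debian.org`. The forge also reports no known key for this commit's signature, which makes an explicit record of provenance changes more useful to anyone auditing the history.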


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4038", "ID": "CVE-2005-4038",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html" "lang": "eng",
}, "value": "SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter."
{ }
"name" : "15716", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15716" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2733", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2733" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21422", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21422" ]
}, },
{ "references": {
"name" : "17880", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17880" "name": "ADV-2005-2733",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2733"
"name" : "portal-solutions-comentarii-sql-injection(23419)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23419" "name": "15716",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/15716"
} },
{
"name": "portal-solutions-comentarii-sql-injection(23419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23419"
},
{
"name": "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html"
},
{
"name": "21422",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21422"
},
{
"name": "17880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17880"
}
]
}
} }


@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4213", "ID": "CVE-2005-4213",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051213 phpCOIN 1.2.2 multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/419382/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote attackers to execute arbitrary SQL commands via the phpcoinsessid cookie."
{ }
"name" : "http://forums.phpcoin.com/index.php?showtopic=5469", ]
"refsource" : "CONFIRM", },
"url" : "http://forums.phpcoin.com/index.php?showtopic=5469" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://rgod.altervista.org/phpcoin122.html", "description": [
"refsource" : "MISC", {
"url" : "http://rgod.altervista.org/phpcoin122.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://rgod.altervista.org/phpcoin_122_sql_xpl.html", ]
"refsource" : "MISC", }
"url" : "http://rgod.altervista.org/phpcoin_122_sql_xpl.html" ]
}, },
{ "references": {
"name" : "15830", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15830" "name": "http://rgod.altervista.org/phpcoin122.html",
}, "refsource": "MISC",
{ "url": "http://rgod.altervista.org/phpcoin122.html"
"name" : "ADV-2005-2888", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2888" "name": "15830",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15830"
"name" : "21725", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21725" "name": "21725",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/21725"
"name" : "1015345", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015345" "name": "http://rgod.altervista.org/phpcoin_122_sql_xpl.html",
}, "refsource": "MISC",
{ "url": "http://rgod.altervista.org/phpcoin_122_sql_xpl.html"
"name" : "18030", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18030" "name": "http://forums.phpcoin.com/index.php?showtopic=5469",
} "refsource": "CONFIRM",
] "url": "http://forums.phpcoin.com/index.php?showtopic=5469"
} },
{
"name": "18030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18030"
},
{
"name": "20051213 phpCOIN 1.2.2 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419382/100/0/threaded"
},
{
"name": "ADV-2005-2888",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2888"
},
{
"name": "1015345",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015345"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4450", "ID": "CVE-2005-4450",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "18113", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18113" "lang": "eng",
} "value": "Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag to server_privileges.php, as demonstrated using the dbname and checkprivs parameters. NOTE: the provenance of this issue is unknown, although third parties imply that it is related to the disclosure of CVE-2005-4349, which was labeled as SQL injection but disputed."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18113"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4800", "ID": "CVE-2005-4800",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051013 Yapig: XSS / Code Injection Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html" "lang": "eng",
}, "value": "Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php. NOTE: this issue is easier to exploit due to a separate CSRF vulnerability."
{ }
"name" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt", ]
"refsource" : "MISC", },
"url" : "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "19960", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/19960" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "17041", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/17041" ]
}, },
{ "references": {
"name" : "yapig-http-post-privilege-escalation(22753)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22753" "name": "yapig-http-post-privilege-escalation(22753)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22753"
} },
{
"name": "19960",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19960"
},
{
"name": "20051013 Yapig: XSS / Code Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html"
},
{
"name": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt",
"refsource": "MISC",
"url": "http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt"
},
{
"name": "17041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17041"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2009-0987", "ID": "CVE-2009-0987",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html" "lang": "eng",
}, "value": "Unspecified vulnerability in the Upgrade component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors."
{ }
"name" : "35679", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35679" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "55889", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/55889" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1022560", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1022560" ]
}, },
{ "references": {
"name" : "35776", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35776" "name": "35776",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35776"
"name" : "ADV-2009-1900", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1900" "name": "35679",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35679"
"name" : "oracle-database-upgrade-unspecified(51746)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51746" "name": "ADV-2009-1900",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2009/1900"
} },
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "55889",
"refsource": "OSVDB",
"url": "http://osvdb.org/55889"
},
{
"name": "1022560",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022560"
},
{
"name": "oracle-database-upgrade-unspecified(51746)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51746"
}
]
}
} }
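Review bot: The `ASSIGNER` value in this record changes from `cve@mitre.org` to `secalert_us@oracle.com`, and that is the one semantic change in a section otherwise made up of colon-spacing edits and a reshuffled `reference_data` array whose seven entries appear identical on both sides. Consumers that attribute or filter records by assigner will see a different value after this sync, so the change is worth calling out separately from the formatting pass rather than under "Synchronized-Data". The new side also keeps `"vendor_name": "n/a"` and `"product_name": "n/a"` while the description names Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5 and 10.2.0.3, so automated product matching still has to fall back on the free-text description. The later CVE-2009-4143 section shows the same kind of assigner change (to `secalert@redhat.com`), though that record continues past the visible part of the page.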


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2161", "ID": "CVE-2009-2161",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/504294/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in backend/admin-functions.php in TorrentTrader Classic 1.09, when used on a case-insensitive web site, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ss_uri parameter, in conjunction with a modified component name."
{ }
"name" : "8958", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/8958" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.waraxe.us/advisory-74.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.waraxe.us/advisory-74.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "35369", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/35369" ]
}, },
{ "references": {
"name" : "35456", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35456" "name": "35456",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35456"
"name" : "torrenttrader-ssuri-file-include(51146)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51146" "name": "35369",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/35369"
} },
{
"name": "torrenttrader-ssuri-file-include(51146)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51146"
},
{
"name": "8958",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8958"
},
{
"name": "20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504294/100/0/threaded"
},
{
"name": "http://www.waraxe.us/advisory-74.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-74.html"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2211", "ID": "CVE-2009-2211",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "PK77030", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and 7.0.1 before 7.0.1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "1022456", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id?1022456" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35564", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35564" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "35564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35564"
},
{
"name": "PK77030",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK77030"
},
{
"name": "1022456",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022456"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2455", "ID": "CVE-2009-2455",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "34403", "description_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34403" "lang": "eng",
} "value": "Multiple cross-site scripting (XSS) vulnerabilities in webadmin/admin.php in @mail 5.6.1 allow remote attackers to inject arbitrary web script or HTML via the (1) type and (2) func parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34403",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34403"
}
]
}
} }


@ -1,142 +1,142 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2849", "ID": "CVE-2009-2849",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to \"suspend_* sysfs attributes\" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090724 md raid null ptr dereference (when sysfs is writable)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/07/24/1" "lang": "eng",
}, "value": "The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to \"suspend_* sysfs attributes\" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker."
{ }
"name" : "[oss-security] 20090726 Re: md raid null ptr dereference (when sysfs is writable)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/07/26/1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates", "description": [
"refsource" : "MLIST", {
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/", ]
"refsource" : "MISC", }
"url" : "http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/" ]
}, },
{ "references": {
"name" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244" "name": "RHSA-2009:1540",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-1540.html"
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2", },
"refsource" : "CONFIRM", {
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2" "name": "1022961",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1022961"
"name" : "FEDORA-2009-9044", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html" "name": "USN-852-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-852-1"
"name" : "RHSA-2009:1540", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1540.html" "name": "38794",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38794"
"name" : "USN-852-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-852-1" "name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
}, "refsource": "MLIST",
{ "url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
"name" : "oval:org.mitre.oval:def:10396", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10396" "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.2"
"name" : "1022961", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022961" "name": "oval:org.mitre.oval:def:10396",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10396"
"name" : "36501", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36501" "name": "FEDORA-2009-9044",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html"
"name" : "38794", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38794" "name": "[oss-security] 20090726 Re: md raid null ptr dereference (when sysfs is writable)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/07/26/1"
"name" : "38834", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38834" "name": "38834",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38834"
"name" : "37105", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37105" "name": "http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/",
}, "refsource": "MISC",
{ "url": "http://xorl.wordpress.com/2009/07/21/linux-kernel-md-driver-null-pointer-dereference/"
"name" : "ADV-2010-0528", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0528" "name": "kernel-mddriver-dos(52858)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52858"
"name" : "kernel-mddriver-dos(52858)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52858" "name": "[oss-security] 20090724 md raid null ptr dereference (when sysfs is writable)",
} "refsource": "MLIST",
] "url": "http://www.openwall.com/lists/oss-security/2009/07/24/1"
} },
{
"name": "36501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36501"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git;a=commit;h=3c92900d9a4afb176d3de335dc0da0198660a244"
},
{
"name": "37105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37105"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3180", "ID": "CVE-2009-3180",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9425", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9425" "lang": "eng",
}, "value": "Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php."
{ }
"name" : "33686", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/33686" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9425",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9425"
},
{
"name": "33686",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33686"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3386", "ID": "CVE-2009-3386",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.bugzilla.org/security/3.4.3/", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.bugzilla.org/security/3.4.3/" "lang": "eng",
}, "value": "Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 allows remote attackers to discover the alias of a private bug by reading the (1) Depends On or (2) Blocks field of a related bug."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=529416", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=529416" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37062", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37062" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "60271", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/60271" ]
}, },
{ "references": {
"name" : "37423", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37423" "name": "37062",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37062"
"name" : "ADV-2009-3288", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3288" "name": "ADV-2009-3288",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3288"
"name" : "bugzilla-alias-information-disclosure(54332)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54332" "name": "60271",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/60271"
} },
{
"name": "bugzilla-alias-information-disclosure(54332)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54332"
},
{
"name": "37423",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37423"
},
{
"name": "http://www.bugzilla.org/security/3.4.3/",
"refsource": "CONFIRM",
"url": "http://www.bugzilla.org/security/3.4.3/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=529416",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=529416"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3429", "ID": "CVE-2009-3429",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9321", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9321" "lang": "eng",
} "value": "Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9321",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9321"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4042", "ID": "CVE-2009-4042",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/629894", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/629894" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x before 6.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via the URI."
{ }
"name" : "http://drupal.org/node/630168", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/node/630168" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36998", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/36998" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "59914", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/59914" ]
}, },
{ "references": {
"name" : "37334", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37334" "name": "ADV-2009-3210",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3210"
"name" : "ADV-2009-3210", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3210" "name": "37334",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37334"
"name" : "rootcandy-unspecified-xss(54245)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54245" "name": "http://drupal.org/node/630168",
} "refsource": "CONFIRM",
] "url": "http://drupal.org/node/630168"
} },
{
"name": "36998",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36998"
},
{
"name": "http://drupal.org/node/629894",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/629894"
},
{
"name": "rootcandy-unspecified-xss(54245)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54245"
},
{
"name": "59914",
"refsource": "OSVDB",
"url": "http://osvdb.org/59914"
}
]
}
} }


@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-4143", "ID": "CVE-2009-4143",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.php.net/ChangeLog-5.php", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.php.net/ChangeLog-5.php" "lang": "eng",
}, "value": "PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive."
{ }
"name" : "http://www.php.net/releases/5_2_12.php", ]
"refsource" : "CONFIRM", },
"url" : "http://www.php.net/releases/5_2_12.php" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.apple.com/kb/HT4077", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.apple.com/kb/HT4077" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2010-03-29-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" ]
}, },
{ "references": {
"name" : "DSA-2001", "reference_data": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2010/dsa-2001" "name": "http://www.php.net/releases/5_2_12.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.php.net/releases/5_2_12.php"
"name" : "HPSBUX02543", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=127680701405735&w=2" "name": "40262",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/40262"
"name" : "SSRT100152", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=127680701405735&w=2" "name": "37390",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37390"
"name" : "HPSBMA02568", },
"refsource" : "HP", {
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" "name": "HPSBUX02543",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=127680701405735&w=2"
"name" : "SSRT100219", },
"refsource" : "HP", {
"url" : "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" "name": "37821",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37821"
"name" : "MDVSA-2010:045", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045" "name": "38648",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38648"
"name" : "37390", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37390" "name": "APPLE-SA-2010-03-29-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
"name" : "oval:org.mitre.oval:def:7439", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439" "name": "41490",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/41490"
"name" : "37821", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37821" "name": "HPSBMA02568",
}, "refsource": "HP",
{ "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
"name" : "38648", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38648" "name": "http://www.php.net/ChangeLog-5.php",
}, "refsource": "CONFIRM",
{ "url": "http://www.php.net/ChangeLog-5.php"
"name" : "40262", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/40262" "name": "MDVSA-2010:045",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:045"
"name" : "41480", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41480" "name": "http://support.apple.com/kb/HT4077",
}, "refsource": "CONFIRM",
{ "url": "http://support.apple.com/kb/HT4077"
"name" : "41490", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/41490" "name": "ADV-2009-3593",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3593"
"name" : "ADV-2009-3593", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3593" "name": "DSA-2001",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2010/dsa-2001"
} },
{
"name": "SSRT100219",
"refsource": "HP",
"url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"
},
{
"name": "41480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/41480"
},
{
"name": "oval:org.mitre.oval:def:7439",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7439"
},
{
"name": "SSRT100152",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127680701405735&w=2"
}
]
}
} }
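Review bot: The `ASSIGNER` field for CVE-2009-4143 differs between the two columns near the top of this section (`cve@mitre.org` on one side, `secalert@redhat.com` on the other), which is a change of the record's owning CNA rather than formatting. The rest of the section appears to be only the `" : "` to `": "` respacing and a reordering of `reference_data`, and the CVE-2015-0239 section further down shows the same `ASSIGNER` difference. The commit title says only that data was synchronized, so anyone auditing provenance cannot find the reassignment without reading every hunk. I would put it in a separate commit, or at least name it in the description, for example `Reassign CVE-2009-4143 and CVE-2015-0239 to secalert@redhat.com`. Consumers that key trust or routing decisions on `ASSIGNER` should compare the parsed JSON rather than the text diff, since the reference reordering hides the one field that changed.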


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4442", "ID": "CVE-2009-4442",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1" "lang": "eng",
}, "value": "Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665."
{ }
"name" : "270789", ]
"refsource" : "SUNALERT", },
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37481", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37481" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1023389", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1023389" ]
}, },
{ "references": {
"name" : "37915", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37915" "name": "ADV-2009-3647",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/3647"
"name" : "ADV-2009-3647", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3647" "name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1",
} "refsource": "CONFIRM",
] "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1"
} },
{
"name": "37481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37481"
},
{
"name": "1023389",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023389"
},
{
"name": "270789",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1"
},
{
"name": "37915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37915"
}
]
}
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4526", "ID": "CVE-2009-4526",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a \"Send to friend\" form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/node/604804", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/604804" "lang": "eng",
}, "value": "The Send by e-mail sub-module in the Print (aka Printer, e-mail and PDF versions) module 5.x before 5.x-4.9 and 6.x before 6.x-1.9, a module for Drupal, does not properly enforce privilege requirements, which allows remote attackers to read page titles by requesting a \"Send to friend\" form."
{ }
"name" : "http://drupal.org/node/604806", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/node/604806" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://drupal.org/node/604808", "description": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/node/604808" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36707", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/36707" ]
}, },
{ "references": {
"name" : "58951", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/58951" "name": "ADV-2009-2922",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2922"
"name" : "37059", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37059" "name": "http://drupal.org/node/604806",
}, "refsource": "CONFIRM",
{ "url": "http://drupal.org/node/604806"
"name" : "ADV-2009-2922", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2922" "name": "58951",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/58951"
} },
{
"name": "37059",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37059"
},
{
"name": "http://drupal.org/node/604808",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604808"
},
{
"name": "http://drupal.org/node/604804",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/604804"
},
{
"name": "36707",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36707"
}
]
}
} }


@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4775", "ID": "CVE-2009-4775",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9607", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9607" "lang": "eng",
}, "value": "Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response."
{ }
"name" : "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt", ]
"refsource" : "MISC", },
"url" : "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23", "description": [
"refsource" : "CONFIRM", {
"url" : "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "36297", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/36297" ]
}, },
{ "references": {
"name" : "wsftp-http-format-string(53098)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53098" "name": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23",
} "refsource": "CONFIRM",
] "url": "http://docs.ipswitch.com/WS_FTP%20122/ReleaseNotes/English/index.htm?k_id=ipswitch_com_ftp_documents_worldwide_ws_ftp122releasenotesenglish#link23"
} },
{
"name": "wsftp-http-format-string(53098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53098"
},
{
"name": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/0909-exploits/nocoolnameforawsftppoc.pl.txt"
},
{
"name": "9607",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9607"
},
{
"name": "36297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36297"
}
]
}
} }


@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4816", "ID": "CVE-2009-4816",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "10599", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/10599" "lang": "eng",
}, "value": "Directory traversal vulnerability in api/download_checker.php in MegaLab The Uploader 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter."
{ }
"name" : "61270", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/61270" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37873", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37873" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "theuploader-filename-dir-traversal(54974)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54974" ]
} },
] "references": {
} "reference_data": [
{
"name": "theuploader-filename-dir-traversal(54974)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54974"
},
{
"name": "10599",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10599"
},
{
"name": "61270",
"refsource": "OSVDB",
"url": "http://osvdb.org/61270"
},
{
"name": "37873",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37873"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4980", "ID": "CVE-2009-4980",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://holisticinfosec.org/content/view/120/45/", "description_data": [
"refsource" : "MISC", {
"url" : "http://holisticinfosec.org/content/view/120/45/" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in Photokorn Gallery 1.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) where[] parameter to search.php and (2) qc parameter to admin.php."
{ }
"name" : "35966", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/35966" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36150", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36150" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "35966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35966"
},
{
"name": "36150",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36150"
},
{
"name": "http://holisticinfosec.org/content/view/120/45/",
"refsource": "MISC",
"url": "http://holisticinfosec.org/content/view/120/45/"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2015-0166", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2015-0166",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none."
} }
] ]
} }
} }


@ -1,147 +1,147 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-0239", "ID": "CVE-2015-0239",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[bk-commits-head] 20150123 KVM: x86: SYSENTER emulation is broken", "description_data": [
"refsource" : "MLIST", {
"url" : "http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245" "lang": "eng",
}, "value": "The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel before 3.18.5, when the guest OS lacks SYSENTER MSR initialization, allows guest OS users to gain guest OS privileges or cause a denial of service (guest OS crash) by triggering use of a 16-bit code segment for emulation of a SYSENTER instruction."
{ }
"name" : "[oss-security] 20150127 KVM SYSENTER emulation vulnerability - CVE-2015-0239", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2015/01/27/6" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3747379accba8e95d70cec0eae0582c8c182050", "description": [
"refsource" : "CONFIRM", {
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3747379accba8e95d70cec0eae0582c8c182050" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5", ]
"refsource" : "CONFIRM", }
"url" : "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186448", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1186448" "name": "USN-2515-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2515-1"
"name" : "https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050", },
"refsource" : "CONFIRM", {
"url" : "https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050" "name": "DSA-3170",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3170"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" "name": "72842",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/72842"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html" "name": "[oss-security] 20150127 KVM SYSENTER emulation vulnerability - CVE-2015-0239",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2015/01/27/6"
"name" : "DSA-3170", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3170" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1186448",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1186448"
"name" : "MDVSA-2015:058", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058" "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3747379accba8e95d70cec0eae0582c8c182050",
}, "refsource": "CONFIRM",
{ "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f3747379accba8e95d70cec0eae0582c8c182050"
"name" : "RHSA-2015:1272", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1272.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"name" : "USN-2515-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2515-1" "name": "https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/torvalds/linux/commit/f3747379accba8e95d70cec0eae0582c8c182050"
"name" : "USN-2516-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2516-1" "name": "USN-2514-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2514-1"
"name" : "USN-2517-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2517-1" "name": "USN-2518-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2518-1"
"name" : "USN-2518-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2518-1" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"name" : "USN-2513-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2513-1" "name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5",
}, "refsource": "CONFIRM",
{ "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.18.5"
"name" : "USN-2514-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2514-1" "name": "MDVSA-2015:058",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:058"
"name" : "72842", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72842" "name": "[bk-commits-head] 20150123 KVM: x86: SYSENTER emulation is broken",
} "refsource": "MLIST",
] "url": "http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245"
} },
{
"name": "USN-2517-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2517-1"
},
{
"name": "USN-2516-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2516-1"
},
{
"name": "RHSA-2015:1272",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1272.html"
},
{
"name": "USN-2513-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2513-1"
}
]
}
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1363", "ID": "CVE-2015-1363",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150122 XSS vulnerability in articleFR CMS 3.0.5", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Jan/101" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Free Reprintables ArticleFR 3.0.5 allows remote attackers to inject arbitrary web script or HTML via the q parameter to search/v/."
{ }
"name" : "http://packetstormsecurity.com/files/130066/articleFR-CMS-3.0.5-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/130066/articleFR-CMS-3.0.5-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.itas.vn/news/itas-team-found-out-XSS-vulnerability-in-articlefr-cms-73.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.itas.vn/news/itas-team-found-out-XSS-vulnerability-in-articlefr-cms-73.html" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.itas.vn/news/itas-team-found-out-XSS-vulnerability-in-articlefr-cms-73.html",
"refsource": "MISC",
"url": "http://www.itas.vn/news/itas-team-found-out-XSS-vulnerability-in-articlefr-cms-73.html"
},
{
"name": "20150122 XSS vulnerability in articleFR CMS 3.0.5",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/101"
},
{
"name": "http://packetstormsecurity.com/files/130066/articleFR-CMS-3.0.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130066/articleFR-CMS-3.0.5-Cross-Site-Scripting.html"
}
]
}
} }


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1611", "ID": "CVE-2015-1611",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to \"fake LLDP injection.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.internetsociety.org/sites/default/files/10_4_2.pdf" "lang": "eng",
}, "value": "OpenFlow plugin for OpenDaylight before Helium SR3 allows remote attackers to spoof the SDN topology and affect the flow of data, related to \"fake LLDP injection.\""
{ }
"name" : "https://cloudrouter.org/security/", ]
"refsource" : "CONFIRM", },
"url" : "https://cloudrouter.org/security/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.opendaylight.org/gerrit/#/c/16193/", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.opendaylight.org/gerrit/#/c/16193/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://git.opendaylight.org/gerrit/#/c/16208/", ]
"refsource" : "CONFIRM", }
"url" : "https://git.opendaylight.org/gerrit/#/c/16208/" ]
}, },
{ "references": {
"name" : "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP" "name": "https://git.opendaylight.org/gerrit/#/c/16208/",
}, "refsource": "CONFIRM",
{ "url": "https://git.opendaylight.org/gerrit/#/c/16208/"
"name" : "73254", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/73254" "name": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf",
} "refsource": "MISC",
] "url": "http://www.internetsociety.org/sites/default/files/10_4_2.pdf"
} },
{
"name": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP",
"refsource": "CONFIRM",
"url": "https://wiki.opendaylight.org/view/Security_Advisories#.5BModerate.5D_CVE-2015-1611_CVE-2015-1612_openflowplugin:_topology_spoofing_via_LLDP"
},
{
"name": "73254",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73254"
},
{
"name": "https://git.opendaylight.org/gerrit/#/c/16193/",
"refsource": "CONFIRM",
"url": "https://git.opendaylight.org/gerrit/#/c/16193/"
},
{
"name": "https://cloudrouter.org/security/",
"refsource": "CONFIRM",
"url": "https://cloudrouter.org/security/"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1618", "ID": "CVE-2015-1618",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10098", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10098" "lang": "eng",
} "value": "The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to obtain sensitive password information via a crafted URL."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10098",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10098"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2015-1630", "ID": "CVE-2015-1630",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Audit Report Cross Site Scripting Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS15-026", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka \"Audit Report Cross Site Scripting Vulnerability.\""
{ }
"name" : "1031900", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1031900" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-026",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-026"
},
{
"name": "1031900",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031900"
}
]
}
} }
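Review bot: The `ASSIGNER` line at the top of this record changes value, from cve@mitre.org to secure@microsoft.com, while the rest of the section appears to differ only in colon spacing and reference order. A provenance field changing inside a 54-file normalisation commit is easy to miss for anyone auditing which CNA issued a record. The same kind of change appears in CVE-2015-4188 (to psirt@cisco.com) and in CVE-2015-5912 and CVE-2015-5922 (to product-security@apple.com). I would land the `ASSIGNER` updates separately from the whitespace change, or name them in the commit message.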


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-4188", "ID": "CVE-2015-4188",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150616 Cisco Prime Collaboration Manager SQL Injection Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39365" "lang": "eng",
}, "value": "SQL injection vulnerability in the Manager interface in Cisco Prime Collaboration 10.5(1) allows remote attackers to execute arbitrary SQL commands via a crafted URL, aka Bug IDs CSCuu29910, CSCuu29928, and CSCuu59104."
{ }
"name" : "75268", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/75268" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032592", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032592" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "1032592",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032592"
},
{
"name": "75268",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75268"
},
{
"name": "20150616 Cisco Prime Collaboration Manager SQL Injection Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39365"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4622", "ID": "CVE-2015-4622",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5912", "ID": "CVE-2015-5912",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150916 Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912)", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/536488/100/0/threaded" "lang": "eng",
}, "value": "The CFNetwork FTPProtocol component in Apple iOS before 9 allows remote FTP proxy servers to trigger TCP connection attempts to intranet hosts via crafted responses."
{ }
"name" : "https://support.apple.com/HT205212", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT205212" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT205267", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205267" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-09-16-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-09-30-3", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" "name": "1033609",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033609"
"name" : "76764", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76764" "name": "https://support.apple.com/HT205212",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205212"
"name" : "1033609", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033609" "name": "APPLE-SA-2015-09-30-3",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
} },
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "20150916 Apple Safari FTP PASV manipulation vulnerability (CVE-2015-5912)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536488/100/0/threaded"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
} }


@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5922", "ID": "CVE-2015-5922",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205213", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205213" "lang": "eng",
}, "value": "Unspecified vulnerability in International Components for Unicode (ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS before 2, has unknown impact and attack vectors."
{ }
"name" : "https://support.apple.com/HT205267", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT205267" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2015-09-21-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-09-30-3", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" ]
}, },
{ "references": {
"name" : "76911", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76911" "name": "1033703",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033703"
"name" : "1033703", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033703" "name": "APPLE-SA-2015-09-30-3",
} "refsource": "APPLE",
] "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
} },
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "76911",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76911"
}
]
}
} }


@ -1,76 +1,76 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "larry0@me.com", "ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED" : "2018-08-22", "DATE_ASSIGNED": "2018-08-22",
"ID" : "CVE-2018-1002009", "ID": "CVE-2018-1002009",
"REQUESTER" : "kurt@seifried.org", "REQUESTER": "kurt@seifried.org",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"UPDATED" : "2017-08-10T14:41Z" "UPDATED": "2017-08-10T14:41Z"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Arigato Autoresponder and Newsletter", "product_name": "Arigato Autoresponder and Newsletter",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<=", "version_affected": "<=",
"version_value" : "2.5.1.8" "version_value": "2.5.1.8"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Kiboko Labs https://calendarscripts.info/" "vendor_name": "Kiboko Labs https://calendarscripts.info/"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "45434", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/45434/" "lang": "eng",
}, "value": "There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable."
{ }
"name" : "http://www.vapidlabs.com/advisory.php?v=203", ]
"refsource" : "MISC", },
"url" : "http://www.vapidlabs.com/advisory.php?v=203" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://wordpress.org/plugins/bft-autoresponder/", "description": [
"refsource" : "MISC", {
"url" : "https://wordpress.org/plugins/bft-autoresponder/" "lang": "eng",
} "value": "reflected XSS vulnerability in Wordpress Plugin Arigato Autoresponder and Newsletter v2.5.1.8"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "45434",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45434/"
},
{
"name": "https://wordpress.org/plugins/bft-autoresponder/",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/bft-autoresponder/"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=203",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=203"
}
]
}
} }


@ -1,65 +1,65 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "kurt@seifried.org", "ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED" : "2018-07-31T20:04:28.275856", "DATE_ASSIGNED": "2018-07-31T20:04:28.275856",
"DATE_REQUESTED" : "2018-07-30T00:00:00", "DATE_REQUESTED": "2018-07-30T00:00:00",
"ID" : "CVE-2018-1999039", "ID": "CVE-2018-1999039",
"REQUESTER" : "ml@beckweb.net", "REQUESTER": "ml@beckweb.net",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Jenkins Confluence Publisher Plugin", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2.0.1 and earlier" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Jenkins project" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-285"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982" "lang": "eng",
} "value": "A server-side request forgery vulnerability exists in Jenkins Confluence Publisher Plugin 2.0.1 and earlier in ConfluenceSite.java that allows attackers to have Jenkins submit login requests to an attacker-specified Confluence server URL with attacker specified credentials."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-982"
}
]
}
} }
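Review bot: This record loses structured data on what reads as the new side (the text without a space before the colon): `product_name`, `version_value` and `vendor_name` all become "n/a", and the problemtype value goes from "CWE-285" to "n/a". After the sync the affected plugin and version range survive only in the free-text description, so tooling that matches on the `affects` tree or on the CWE would no longer pick up this SSRF entry. Unless the loss is intended, keep `"product_name": "Jenkins Confluence Publisher Plugin"`, `"version_value": "2.0.1 and earlier"` and `"value": "CWE-285"`, along with the "Jenkins project" vendor name. The `ASSIGNER` also changes from kurt@seifried.org to cve@mitre.org in the same record, which is worth stating in the commit message.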


@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3279", "ID": "CVE-2018-3279",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.0.12 and prior" "version_value": "8.0.12 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Roles). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105607", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105607" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
{ }
"name" : "1041888", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1041888" ]
} },
] "references": {
} "reference_data": [
{
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "105607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105607"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
}
]
}
} }


@ -1,158 +1,158 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secure@intel.com", "ASSIGNER": "secure@intel.com",
"DATE_PUBLIC" : "2018-06-13T00:00:00", "DATE_PUBLIC": "2018-06-13T00:00:00",
"ID" : "CVE-2018-3665", "ID": "CVE-2018-3665",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Intel Core-based microprocessors", "product_name": "Intel Core-based microprocessors",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All" "version_value": "All"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Intel Corporation" "vendor_name": "Intel Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html" "lang": "eng",
}, "value": "System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially allow a local process to infer data from another process through a speculative execution side channel."
{ }
"name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html" "lang": "eng",
}, "value": "Information Disclosure"
{ }
"name" : "https://support.citrix.com/article/CTX235745", ]
"refsource" : "CONFIRM", }
"url" : "https://support.citrix.com/article/CTX235745" ]
}, },
{ "references": {
"name" : "https://www.synology.com/support/security/Synology_SA_18_31", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://www.synology.com/support/security/Synology_SA_18_31" "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
"name" : "https://security.netapp.com/advisory/ntap-20181016-0001/", },
"refsource" : "CONFIRM", {
"url" : "https://security.netapp.com/advisory/ntap-20181016-0001/" "name": "RHSA-2018:2164",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2164"
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0", },
"refsource" : "CONFIRM", {
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0" "name": "USN-3696-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3696-1/"
"name" : "DSA-4232", },
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4232" "name": "https://www.synology.com/support/security/Synology_SA_18_31",
}, "refsource": "CONFIRM",
{ "url": "https://www.synology.com/support/security/Synology_SA_18_31"
"name" : "FreeBSD-SA-18:07", },
"refsource" : "FREEBSD", {
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc" "name": "1041125",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1041125"
"name" : "RHSA-2018:1852", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1852" "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
}, "refsource": "MLIST",
{ "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
"name" : "RHSA-2018:1944", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:1944" "name": "RHSA-2018:1944",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1944"
"name" : "RHSA-2018:2164", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2164" "name": "RHSA-2018:1852",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:1852"
"name" : "RHSA-2018:2165", },
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2165" "name": "FreeBSD-SA-18:07",
}, "refsource": "FREEBSD",
{ "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:07.lazyfpu.asc"
"name" : "USN-3696-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3696-1/" "name": "1041124",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1041124"
"name" : "USN-3696-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3696-2/" "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
}, "refsource": "CONFIRM",
{ "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name" : "USN-3698-2", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3698-2/" "name": "RHSA-2018:2165",
}, "refsource": "REDHAT",
{ "url": "https://access.redhat.com/errata/RHSA-2018:2165"
"name" : "USN-3698-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3698-1/" "name": "DSA-4232",
}, "refsource": "DEBIAN",
{ "url": "https://www.debian.org/security/2018/dsa-4232"
"name" : "104460", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104460" "name": "USN-3698-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/3698-1/"
"name" : "1041124", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041124" "name": "https://security.netapp.com/advisory/ntap-20181016-0001/",
}, "refsource": "CONFIRM",
{ "url": "https://security.netapp.com/advisory/ntap-20181016-0001/"
"name" : "1041125", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041125" "name": "USN-3696-2",
} "refsource": "UBUNTU",
] "url": "https://usn.ubuntu.com/3696-2/"
} },
{
"name": "104460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104460"
},
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00145.html"
},
{
"name": "https://support.citrix.com/article/CTX235745",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX235745"
},
{
"name": "USN-3698-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3698-2/"
}
]
}
} }


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00", "DATE_PUBLIC": "2018-04-26T00:00:00",
"ID" : "CVE-2018-3729", "ID": "CVE-2018-3729",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "localhost-now node module", "product_name": "localhost-now node module",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All versions" "version_value": "All versions"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "HackerOne" "vendor_name": "HackerOne"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path Traversal (CWE-22)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://hackerone.com/reports/312889", "description_data": [
"refsource" : "MISC", {
"url" : "https://hackerone.com/reports/312889" "lang": "eng",
} "value": "localhost-now node module suffers from a Path Traversal vulnerability due to lack of validation of file, which allows a malicious user to read content of any file with known path."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path Traversal (CWE-22)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/312889",
"refsource": "MISC",
"url": "https://hackerone.com/reports/312889"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3797", "ID": "CVE-2018-3797",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-10-01T00:00:00", "DATE_PUBLIC": "2018-10-01T00:00:00",
"ID" : "CVE-2018-3966", "ID": "CVE-2018-3966",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Foxit PDF Reader", "product_name": "Foxit PDF Reader",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "9.1.0.5096" "version_value": "9.1.0.5096"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Foxit Software" "vendor_name": "Foxit Software"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0631", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0631" "lang": "eng",
} "value": "An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0631",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0631"
}
]
}
} }


@ -1,83 +1,83 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "chrome-cve-admin@google.com", "ASSIGNER": "security@google.com",
"ID" : "CVE-2018-6060", "ID": "CVE-2018-6060",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Chrome", "product_name": "Chrome",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "65.0.3325.146" "version_value": "65.0.3325.146"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Google" "vendor_name": "Google"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use after free"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://crbug.com/780919", "description_data": [
"refsource" : "MISC", {
"url" : "https://crbug.com/780919" "lang": "eng",
}, "value": "Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page."
{ }
"name" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html", ]
"refsource" : "CONFIRM", },
"url" : "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-4182", "description": [
"refsource" : "DEBIAN", {
"url" : "https://www.debian.org/security/2018/dsa-4182" "lang": "eng",
}, "value": "Use after free"
{ }
"name" : "RHSA-2018:0484", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:0484" ]
}, },
{ "references": {
"name" : "103297", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/103297" "name": "https://crbug.com/780919",
} "refsource": "MISC",
] "url": "https://crbug.com/780919"
} },
{
"name": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/03/stable-channel-update-for-desktop.html"
},
{
"name": "103297",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103297"
},
{
"name": "RHSA-2018:0484",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0484"
},
{
"name": "DSA-4182",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4182"
}
]
}
} }
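Review bot: The `ASSIGNER` value on the `CVE_data_meta` line of this record changes from `chrome-cve-admin@google.com` to `security@google.com`, which is the one semantic change in a section that otherwise only normalises key spacing and reorders `reference_data`. Tooling that attributes or filters records by `ASSIGNER` would see CVE-2018-6060 move to a different assigner address, and the commit title gives no hint of that. If the change is intended, it should be recorded in the commit description, for example `CVE-2018-6060: ASSIGNER changed to security@google.com`; consumers of this feed are better served by diffing parsed JSON than text, so a field change like this is not lost among whitespace edits.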


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6642", "ID": "CVE-2018-6642",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6954", "ID": "CVE-2018-6954",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/systemd/systemd/issues/7986", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/systemd/systemd/issues/7986" "lang": "eng",
}, "value": "systemd-tmpfiles in systemd through 237 mishandles symlinks present in non-terminal path components, which allows local users to obtain ownership of arbitrary files via vectors involving creation of a directory and a file under that directory, and later replacing that directory with a symlink. This occurs even if the fs.protected_symlinks sysctl is turned on."
{ }
"name" : "USN-3816-1", ]
"refsource" : "UBUNTU", },
"url" : "https://usn.ubuntu.com/3816-1/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-3816-2", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/3816-2/" "lang": "eng",
} "value": "n/a"
] }
} ]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3816-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3816-2/"
},
{
"name": "https://github.com/systemd/systemd/issues/7986",
"refsource": "MISC",
"url": "https://github.com/systemd/systemd/issues/7986"
},
{
"name": "USN-3816-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3816-1/"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7085", "ID": "CVE-2018-7085",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7203", "ID": "CVE-2018-7203",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44351", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44351/" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all."
{ }
"name" : "http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html"
},
{
"name": "44351",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44351/"
}
]
}
} }


@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7217", "ID": "CVE-2018-7217",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://seclists.org/bugtraq/2018/Feb/38", "description_data": [
"refsource" : "MISC", {
"url" : "http://seclists.org/bugtraq/2018/Feb/38" "lang": "eng",
}, "value": "In Bravo Tejari Procurement Portal, uploaded files are not properly validated by the application either on the client or the server side. An attacker can take advantage of this vulnerability and upload malicious executable files to compromise the application, as demonstrated by an esop/evm/OPPreliminaryForms.do?formId=857 request."
{ }
"name" : "https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html", ]
"refsource" : "MISC", },
"url" : "https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html" "problemtype": {
} "problemtype_data": [
] {
} "description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://seclists.org/bugtraq/2018/Feb/38",
"refsource": "MISC",
"url": "http://seclists.org/bugtraq/2018/Feb/38"
},
{
"name": "https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/146425/Tejari-Arbitrary-File-Upload.html"
}
]
}
} }


@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@huawei.com", "ASSIGNER": "psirt@huawei.com",
"ID" : "CVE-2018-7929", "ID": "CVE-2018-7929",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Mate RS", "product_name": "Mate RS",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "The versions before NEO-AL00D 8.1.0.167(C786)" "version_value": "The versions before NEO-AL00D 8.1.0.167(C786)"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Huawei Technologies Co., Ltd." "vendor_name": "Huawei Technologies Co., Ltd."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "lock-screen bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180914-01-smartphone-en", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180914-01-smartphone-en" "lang": "eng",
} "value": "Huawei Mate RS smartphones with the versions before NEO-AL00D 8.1.0.167(C786) have a lock-screen bypass vulnerability. An attacker could unlock and use the phone through certain operations."
] }
} ]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "lock-screen bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180914-01-smartphone-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180914-01-smartphone-en"
}
]
}
} }


@ -1,91 +1,91 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security@apache.org", "ASSIGNER": "security@apache.org",
"DATE_PUBLIC" : "2018-07-31T00:00:00", "DATE_PUBLIC": "2018-07-31T00:00:00",
"ID" : "CVE-2018-8019", "ID": "CVE-2018-8019",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Apache Tomcat Native", "product_name": "Apache Tomcat Native",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.2.0 to 1.2.16" "version_value": "1.2.0 to 1.2.16"
}, },
{ {
"version_value" : "1.1.23 to 1.1.34" "version_value": "1.1.23 to 1.1.34"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Apache Software Foundation" "vendor_name": "Apache Software Foundation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Constraint Bypass"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[www-announce] 20180721 [SECURITY] CVE-2018-8019 Apache Tomcat Native Connector - Mishandled OCSP invalid response", "description_data": [
"refsource" : "MLIST", {
"url" : "http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E" "lang": "eng",
}, "value": "When using an OCSP responder Apache Tomcat Native 1.2.0 to 1.2.16 and 1.1.23 to 1.1.34 did not correctly handle invalid responses. This allowed for revoked client certificates to be incorrectly identified. It was therefore possible for users to authenticate with revoked certificates when using mutual TLS. Users not using OCSP checks are not affected by this vulnerability."
{ }
"name" : "[debian-lts-announce] 20180822 [SECURITY] [DLA 1475-1] tomcat-native security update", ]
"refsource" : "MLIST", },
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00023.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2018:2469", "description": [
"refsource" : "REDHAT", {
"url" : "https://access.redhat.com/errata/RHSA-2018:2469" "lang": "eng",
}, "value": "Security Constraint Bypass"
{ }
"name" : "RHSA-2018:2470", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2018:2470" ]
}, },
{ "references": {
"name" : "104936", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/104936" "name": "[www-announce] 20180721 [SECURITY] CVE-2018-8019 Apache Tomcat Native Connector - Mishandled OCSP invalid response",
}, "refsource": "MLIST",
{ "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201807.mbox/%3C20180721095943.GA24320%40minotaur.apache.org%3E"
"name" : "1041507", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041507" "name": "104936",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/104936"
} },
{
"name": "RHSA-2018:2469",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2469"
},
{
"name": "[debian-lts-announce] 20180822 [SECURITY] [DLA 1475-1] tomcat-native security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00023.html"
},
{
"name": "RHSA-2018:2470",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2470"
},
{
"name": "1041507",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041507"
}
]
}
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8184", "ID": "CVE-2018-8184",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }


@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8317", "ID": "CVE-2018-8317",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }