admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:38:06 +00:00
parent cce8994714
commit 5cd2baa12b
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
56 changed files with 4338 additions and 4338 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

150
2005/0xxx/CVE-2005-0534.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0534",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0534",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=307067",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=307067"
},
{
"name" : "GLSA-200502-33",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
},
{
"name" : "1013260",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013260"
},
{
"name" : "14360",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14360"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013260",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013260"
},
{
"name": "GLSA-200502-33",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-33.xml"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=307067",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=307067"
},
{
"name": "14360",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14360"
}
]
}
}

150
2005/0xxx/CVE-2005-0636.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0636",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0636",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050302 Foxmail server \"USER\" command Multiple remote buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/391960"
},
{
"name" : "12711",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12711"
},
{
"name" : "1013356",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013356"
},
{
"name" : "14145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14145"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050302 Foxmail server \"USER\" command Multiple remote buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/391960"
},
{
"name": "12711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12711"
},
{
"name": "1013356",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013356"
},
{
"name": "14145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14145"
}
]
}
}

150
2005/0xxx/CVE-2005-0678.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0678",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0678",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050304 PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110996489800035&w=2"
},
{
"name" : "http://www.stadtaus.com/forum/t-1579.html",
"refsource" : "CONFIRM",
"url" : "http://www.stadtaus.com/forum/t-1579.html"
},
{
"name" : "1013378",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013378"
},
{
"name" : "14505",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14505",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14505"
},
{
"name": "http://www.stadtaus.com/forum/t-1579.html",
"refsource": "CONFIRM",
"url": "http://www.stadtaus.com/forum/t-1579.html"
},
{
"name": "1013378",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013378"
},
{
"name": "20050304 PHP Form Mail Script (2.3) - Arbitrary File Inclusion (VXSfx)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110996489800035&w=2"
}
]
}
}

190
2005/2xxx/CVE-2005-2041.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2041",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050615 DMA[2005-0614a] - 'Global Hauri ViRobot Server cookie overflow'",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=111880273631392&w=2"
},
{
"name" : "http://www.securiteam.com/exploits/5TP0C1FG1I.html",
"refsource" : "MISC",
"url" : "http://www.securiteam.com/exploits/5TP0C1FG1I.html"
},
{
"name" : "http://www.digitalmunition.com/DMA%5B2005-0614a%5D.txt",
"refsource" : "MISC",
"url" : "http://www.digitalmunition.com/DMA%5B2005-0614a%5D.txt"
},
{
"name" : "http://www.globalhauri.com/html/download/down_unixpatch.html",
"refsource" : "CONFIRM",
"url" : "http://www.globalhauri.com/html/download/down_unixpatch.html"
},
{
"name" : "12964",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12964"
},
{
"name" : "17320",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17320"
},
{
"name" : "15700",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15700"
},
{
"name" : "virobot-addschup-bo(21000)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21000"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other products, allows remote attackers to execute arbitrary code via a long ViRobot_ID cookie (HTTP_COOKIE)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12964",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12964"
},
{
"name": "virobot-addschup-bo(21000)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21000"
},
{
"name": "20050615 DMA[2005-0614a] - 'Global Hauri ViRobot Server cookie overflow'",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=111880273631392&w=2"
},
{
"name": "http://www.securiteam.com/exploits/5TP0C1FG1I.html",
"refsource": "MISC",
"url": "http://www.securiteam.com/exploits/5TP0C1FG1I.html"
},
{
"name": "http://www.globalhauri.com/html/download/down_unixpatch.html",
"refsource": "CONFIRM",
"url": "http://www.globalhauri.com/html/download/down_unixpatch.html"
},
{
"name": "15700",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15700"
},
{
"name": "http://www.digitalmunition.com/DMA%5B2005-0614a%5D.txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA%5B2005-0614a%5D.txt"
},
{
"name": "17320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17320"
}
]
}
}

190
2005/2xxx/CVE-2005-2642.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050818 mutt buffer overflow",
"refsource" : "FULLDISC",
"url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html"
},
{
"name" : "20050818 Re: mutt buffer overflow",
"refsource" : "FULLDISC",
"url" : "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html"
},
{
"name" : "20050818 mutt buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/408493"
},
{
"name" : "20050818 Re: mutt buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/408501"
},
{
"name" : "http://comments.gmane.org/gmane.mail.mutt.devel/8379",
"refsource" : "MISC",
"url" : "http://comments.gmane.org/gmane.mail.mutt.devel/8379"
},
{
"name" : "14596",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14596"
},
{
"name" : "1014729",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014729"
},
{
"name" : "16485",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16485"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14596",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14596"
},
{
"name": "20050818 Re: mutt buffer overflow",
"refsource": "FULLDISC",
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0600.html"
},
{
"name": "20050818 mutt buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/408493"
},
{
"name": "http://comments.gmane.org/gmane.mail.mutt.devel/8379",
"refsource": "MISC",
"url": "http://comments.gmane.org/gmane.mail.mutt.devel/8379"
},
{
"name": "20050818 Re: mutt buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/408501"
},
{
"name": "20050818 mutt buffer overflow",
"refsource": "FULLDISC",
"url": "http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-08/0594.html"
},
{
"name": "16485",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16485"
},
{
"name": "1014729",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014729"
}
]
}
}

150
2005/2xxx/CVE-2005-2819.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "14714",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14714"
},
{
"name" : "ADV-2005-1601",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1601"
},
{
"name" : "1014827",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014827"
},
{
"name" : "16630",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16630"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14714"
},
{
"name": "ADV-2005-1601",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1601"
},
{
"name": "1014827",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014827"
},
{
"name": "16630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16630"
}
]
}
}

200
2005/3xxx/CVE-2005-3197.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3197",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3197",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051006 Secunia Research: Webroot Desktop Firewall Two Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0129.html"
},
{
"name" : "http://secunia.com/secunia_research/2005-10/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-10/advisory/"
},
{
"name" : "http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332",
"refsource" : "CONFIRM",
"url" : "http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332"
},
{
"name" : "15016",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15016"
},
{
"name" : "ADV-2005-1973",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1973"
},
{
"name" : "19868",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19868"
},
{
"name" : "1015012",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015012"
},
{
"name" : "15745",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15745/"
},
{
"name" : "webroot-pwiwrapper-bo(22529)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop Firewall before 1.3.0build52 allows local users to execute arbitrary code as SYSTEM by sending a crafted DeviceIoControl command, then removing an allowed program from the firewall list."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15745",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15745/"
},
{
"name": "15016",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15016"
},
{
"name": "ADV-2005-1973",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1973"
},
{
"name": "19868",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19868"
},
{
"name": "20051006 Secunia Research: Webroot Desktop Firewall Two Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0129.html"
},
{
"name": "http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332",
"refsource": "CONFIRM",
"url": "http://support.webroot.com/ics/support/KBAnswer.asp?questionID=2332"
},
{
"name": "1015012",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015012"
},
{
"name": "webroot-pwiwrapper-bo(22529)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22529"
},
{
"name": "http://secunia.com/secunia_research/2005-10/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-10/advisory/"
}
]
}
}

170
2005/3xxx/CVE-2005-3429.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3429",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3429",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113053680631151&w=2"
},
{
"name" : "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html"
},
{
"name" : "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf",
"refsource" : "MISC",
"url" : "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf"
},
{
"name" : "22682",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22682"
},
{
"name" : "1015117",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015117"
},
{
"name" : "mailsiteexpress-cookie-plaintext-password(22906)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22906"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0578.html"
},
{
"name": "mailsiteexpress-cookie-plaintext-password(22906)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22906"
},
{
"name": "1015117",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015117"
},
{
"name": "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf",
"refsource": "MISC",
"url": "http://www.security-assessment.com/Advisories/Rockliffe_Express_Webmail_Vulnerabilities.pdf"
},
{
"name": "22682",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22682"
},
{
"name": "20051028 Multiple vulnerabilities within RockLiffe MailSite Express WebMail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113053680631151&w=2"
}
]
}
}

240
2005/3xxx/CVE-2005-3547.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3547",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3547",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051104 Failles dans Invision Power Board 2.1 [xss]",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/415801/30/0/threaded"
},
{
"name" : "http://benji.redkod.org/audits/ipb.2.1.pdf",
"refsource" : "MISC",
"url" : "http://benji.redkod.org/audits/ipb.2.1.pdf"
},
{
"name" : "15344",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15344"
},
{
"name" : "15345",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15345"
},
{
"name" : "20516",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/20516"
},
{
"name" : "20517",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/20517"
},
{
"name" : "20518",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/20518"
},
{
"name" : "20519",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/20519"
},
{
"name" : "20520",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/20520"
},
{
"name" : "20521",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/20521"
},
{
"name" : "20522",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/20522"
},
{
"name" : "17443",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17443"
},
{
"name" : "invision-powerboard-admin-xss(22999)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) adsess, (2) name, and (3) description parameters in admin.php, and the (4) ACP Notes, (5) Member Name, (6) Password, (7) Email Address, (8) Components, and multiple other input fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051104 Failles dans Invision Power Board 2.1 [xss]",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/415801/30/0/threaded"
},
{
"name": "invision-powerboard-admin-xss(22999)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22999"
},
{
"name": "20520",
"refsource": "OSVDB",
"url": "http://osvdb.org/20520"
},
{
"name": "20519",
"refsource": "OSVDB",
"url": "http://osvdb.org/20519"
},
{
"name": "15344",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15344"
},
{
"name": "17443",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17443"
},
{
"name": "20518",
"refsource": "OSVDB",
"url": "http://osvdb.org/20518"
},
{
"name": "20516",
"refsource": "OSVDB",
"url": "http://osvdb.org/20516"
},
{
"name": "20517",
"refsource": "OSVDB",
"url": "http://osvdb.org/20517"
},
{
"name": "15345",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15345"
},
{
"name": "20521",
"refsource": "OSVDB",
"url": "http://osvdb.org/20521"
},
{
"name": "http://benji.redkod.org/audits/ipb.2.1.pdf",
"refsource": "MISC",
"url": "http://benji.redkod.org/audits/ipb.2.1.pdf"
},
{
"name": "20522",
"refsource": "OSVDB",
"url": "http://osvdb.org/20522"
}
]
}
}

140
2005/3xxx/CVE-2005-3587.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3587",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=368319",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"name" : "GLSA-200511-04",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name" : "MDKSA-2005:205",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "MDKSA-2005:205",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=368319",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
}
]
}
}

220
2005/3xxx/CVE-2005-3807.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3807",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3807",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e",
"refsource" : "CONFIRM",
"url" : "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e"
},
{
"name" : "[linux-kernel] 20051113 [GIT] Fix memory leak in lease code",
"refsource" : "MLIST",
"url" : "http://marc.info/?l=linux-kernel&m=113190437101622&w=2"
},
{
"name" : "FLSA:157459-4",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/427981/100/0/threaded"
},
{
"name" : "SUSE-SA:2005:067",
"refsource" : "SUSE",
"url" : "http://www.securityfocus.com/advisories/9806"
},
{
"name" : "SUSE-SA:2005:068",
"refsource" : "SUSE",
"url" : "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
},
{
"name" : "TSLSA-2005-0070",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2005/0070"
},
{
"name" : "USN-231-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntulinux.org/usn/usn-231-1"
},
{
"name" : "15745",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15745"
},
{
"name" : "17917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17917"
},
{
"name" : "17918",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17918"
},
{
"name" : "18203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18203"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17917"
},
{
"name": "SUSE-SA:2005:067",
"refsource": "SUSE",
"url": "http://www.securityfocus.com/advisories/9806"
},
{
"name": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e",
"refsource": "CONFIRM",
"url": "http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=dc15ae14e97ee9d5ed740cbb0b94996076d8b37e"
},
{
"name": "18203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18203"
},
{
"name": "USN-231-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntulinux.org/usn/usn-231-1"
},
{
"name": "SUSE-SA:2005:068",
"refsource": "SUSE",
"url": "http://www.securityfocus.com/archive/1/419522/100/0/threaded"
},
{
"name": "[linux-kernel] 20051113 [GIT] Fix memory leak in lease code",
"refsource": "MLIST",
"url": "http://marc.info/?l=linux-kernel&m=113190437101622&w=2"
},
{
"name": "FLSA:157459-4",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/427981/100/0/threaded"
},
{
"name": "TSLSA-2005-0070",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0070"
},
{
"name": "17918",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17918"
},
{
"name": "15745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15745"
}
]
}
}

120
2005/4xxx/CVE-2005-4029.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#170394",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/170394"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could be useful in other attacks such as locking out valid users via brute force methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#170394",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/170394"
}
]
}
}

170
2005/4xxx/CVE-2005-4656.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4656",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4656",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/TClanPortal_sql_inj.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/TClanPortal_sql_inj.pl"
},
{
"name" : "15173",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15173"
},
{
"name" : "ADV-2005-2187",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2187"
},
{
"name" : "20305",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20305"
},
{
"name" : "17324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17324"
},
{
"name" : "tclanportal-index-sql-injection(22869)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22869"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20305",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20305"
},
{
"name": "17324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17324"
},
{
"name": "ADV-2005-2187",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2187"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/TClanPortal_sql_inj.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/TClanPortal_sql_inj.pl"
},
{
"name": "tclanportal-index-sql-injection(22869)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22869"
},
{
"name": "15173",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15173"
}
]
}
}

210
2005/4xxx/CVE-2005-4715.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4715",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4715",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050912 PHP Nuke <= 7.8 Multiple SQL Injections",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-09/0119.html"
},
{
"name" : "20050913 Re: PHP Nuke <= 7.8 Multiple SQL Injections",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-09/0176.html"
},
{
"name" : "20050914 Re: PHP Nuke <= 7.8 Multiple SQL Injections",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-09/0167.html"
},
{
"name" : "20050916 Re: PHP Nuke <= 7.8 Multiple SQL Injections",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-09/0226.html"
},
{
"name" : "http://phpnuke.org/modules.php?name=News&file=article&sid=7434",
"refsource" : "CONFIRM",
"url" : "http://phpnuke.org/modules.php?name=News&file=article&sid=7434"
},
{
"name" : "http://www.nukefixes.com/ftopict-1779-.html#7641",
"refsource" : "CONFIRM",
"url" : "http://www.nukefixes.com/ftopict-1779-.html#7641"
},
{
"name" : "19351",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19351"
},
{
"name" : "16801",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16801"
},
{
"name" : "3",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/3"
},
{
"name" : "phpnuke-modulephp-sql-injection(22247)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22247"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050916 Re: PHP Nuke <= 7.8 Multiple SQL Injections",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0226.html"
},
{
"name": "16801",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16801"
},
{
"name": "3",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3"
},
{
"name": "phpnuke-modulephp-sql-injection(22247)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22247"
},
{
"name": "http://www.nukefixes.com/ftopict-1779-.html#7641",
"refsource": "CONFIRM",
"url": "http://www.nukefixes.com/ftopict-1779-.html#7641"
},
{
"name": "http://phpnuke.org/modules.php?name=News&file=article&sid=7434",
"refsource": "CONFIRM",
"url": "http://phpnuke.org/modules.php?name=News&file=article&sid=7434"
},
{
"name": "19351",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19351"
},
{
"name": "20050913 Re: PHP Nuke <= 7.8 Multiple SQL Injections",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0176.html"
},
{
"name": "20050912 PHP Nuke <= 7.8 Multiple SQL Injections",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0119.html"
},
{
"name": "20050914 Re: PHP Nuke <= 7.8 Multiple SQL Injections",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-09/0167.html"
}
]
}
}

130
2005/4xxx/CVE-2005-4788.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via \"alternate syntax for specifying USB devices.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SUSE-SR:2005:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
},
{
"name" : "15037",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15037"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via \"alternate syntax for specifying USB devices.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15037"
},
{
"name": "SUSE-SR:2005:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_22_sr.html"
}
]
}
}

170
2005/4xxx/CVE-2005-4864.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4864",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4864",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050105 IBM DB2 libdb2.so buffer overflow (#NISR05012005B)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110495092105541&w=2"
},
{
"name" : "http://www.ngssoftware.com/advisories/db205012005B.txt",
"refsource" : "MISC",
"url" : "http://www.ngssoftware.com/advisories/db205012005B.txt"
},
{
"name" : "IY62042",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1IY62042"
},
{
"name" : "11390",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11390"
},
{
"name" : "12733",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/12733/"
},
{
"name" : "db2-db2lport-bo(17616)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17616"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11390",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11390"
},
{
"name": "IY62042",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1IY62042"
},
{
"name": "db2-db2lport-bo(17616)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17616"
},
{
"name": "20050105 IBM DB2 libdb2.so buffer overflow (#NISR05012005B)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110495092105541&w=2"
},
{
"name": "12733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12733/"
},
{
"name": "http://www.ngssoftware.com/advisories/db205012005B.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/db205012005B.txt"
}
]
}
}

210
2009/0xxx/CVE-2009-0319.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0319",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to \"xdr processing problems.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-128624-09-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-128624-09-1"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-041.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-041.htm"
},
{
"name" : "249966",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-249966-1"
},
{
"name" : "33459",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33459"
},
{
"name" : "oval:org.mitre.oval:def:5977",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5977"
},
{
"name" : "ADV-2009-0256",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0256"
},
{
"name" : "ADV-2009-0363",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0363"
},
{
"name" : "1021644",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021644"
},
{
"name" : "33665",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33665"
},
{
"name" : "solaris-autofs-code-execution(48234)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48234"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to \"xdr processing problems.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0256",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0256"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-041.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-041.htm"
},
{
"name": "33665",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33665"
},
{
"name": "oval:org.mitre.oval:def:5977",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5977"
},
{
"name": "ADV-2009-0363",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0363"
},
{
"name": "33459",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33459"
},
{
"name": "solaris-autofs-code-execution(48234)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48234"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-128624-09-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-128624-09-1"
},
{
"name": "1021644",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021644"
},
{
"name": "249966",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-249966-1"
}
]
}
}

180
2009/0xxx/CVE-2009-0579.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0579",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0579",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[pam-list] 20090309 Linux-PAM 1.0.4 released",
"refsource" : "MLIST",
"url" : "https://www.redhat.com/archives/pam-list/2009-March/msg00006.html"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487216",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487216"
},
{
"name" : "FEDORA-2009-3204",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html"
},
{
"name" : "FEDORA-2009-3231",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html"
},
{
"name" : "34728",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34728"
},
{
"name" : "34733",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34733"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34728",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34728"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=487216",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=487216"
},
{
"name": "FEDORA-2009-3204",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00398.html"
},
{
"name": "[pam-list] 20090309 Linux-PAM 1.0.4 released",
"refsource": "MLIST",
"url": "https://www.redhat.com/archives/pam-list/2009-March/msg00006.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514437"
},
{
"name": "FEDORA-2009-3231",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00420.html"
},
{
"name": "34733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34733"
}
]
}
}

140
2009/2xxx/CVE-2009-2067.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2067",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2067",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
"refsource" : "MISC",
"url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
},
{
"name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
"refsource" : "MISC",
"url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name" : "35403",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35403"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35403"
},
{
"name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
"refsource": "MISC",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
"refsource": "MISC",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
]
}
}

150
2009/2xxx/CVE-2009-2233.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8994",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8994"
},
{
"name" : "35513",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35513"
},
{
"name" : "ADV-2009-1649",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1649"
},
{
"name" : "gallerysearch-cookie-security-bypass(51276)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51276"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The admin interface in AWScripts.com Gallery Search Engine 1.5 allows remote attackers to bypass authentication and gain administrative access by setting the awse_logged cookie to 1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8994",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8994"
},
{
"name": "ADV-2009-1649",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1649"
},
{
"name": "gallerysearch-cookie-security-bypass(51276)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51276"
},
{
"name": "35513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35513"
}
]
}
}

160
2009/2xxx/CVE-2009-2707.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2707",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 application."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security-info@sgi.com",
"ID": "CVE-2009-2707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.launchpad.net/bugs/cve/2009-2707",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/bugs/cve/2009-2707"
},
{
"name" : "http://support.novell.com/security/cve/CVE-2009-2707.html",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/security/cve/CVE-2009-2707.html"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=521524",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=521524"
},
{
"name" : "SUSE-SR:2009:015",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name" : "36393",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36393"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 application."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html"
},
{
"name": "36393",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36393"
},
{
"name": "http://support.novell.com/security/cve/CVE-2009-2707.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/security/cve/CVE-2009-2707.html"
},
{
"name": "https://bugs.launchpad.net/bugs/cve/2009-2707",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/bugs/cve/2009-2707"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=521524",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=521524"
}
]
}
}

170
2009/3xxx/CVE-2009-3085.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8",
"refsource" : "CONFIRM",
"url" : "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
},
{
"name" : "http://www.pidgin.im/news/security/index.php?id=37",
"refsource" : "CONFIRM",
"url" : "http://www.pidgin.im/news/security/index.php?id=37"
},
{
"name" : "36277",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36277"
},
{
"name" : "oval:org.mitre.oval:def:11223",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
},
{
"name" : "oval:org.mitre.oval:def:6434",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
},
{
"name" : "36601",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36601"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not properly handle an error IQ stanza during an attempted fetch of a custom smiley, which allows remote attackers to cause a denial of service (application crash) via XHTML-IM content with cid: images."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36601",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36601"
},
{
"name": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8",
"refsource": "CONFIRM",
"url": "http://developer.pidgin.im/viewmtn/revision/info/fd5955618eddcd84d522b30ff11102f9601f38c8"
},
{
"name": "http://www.pidgin.im/news/security/index.php?id=37",
"refsource": "CONFIRM",
"url": "http://www.pidgin.im/news/security/index.php?id=37"
},
{
"name": "36277",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36277"
},
{
"name": "oval:org.mitre.oval:def:6434",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6434"
},
{
"name": "oval:org.mitre.oval:def:11223",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11223"
}
]
}
}

150
2009/3xxx/CVE-2009-3542.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3542",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3542",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/ls-lfi.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/ls-lfi.txt"
},
{
"name" : "55969",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55969"
},
{
"name" : "35907",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35907"
},
{
"name" : "littlesite-index-file-include(51819)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51819"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in ls.php in LittleSite (aka LS or LittleSite.php) 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55969",
"refsource": "OSVDB",
"url": "http://osvdb.org/55969"
},
{
"name": "littlesite-index-file-include(51819)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51819"
},
{
"name": "35907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35907"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/ls-lfi.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/ls-lfi.txt"
}
]
}
}

140
2009/3xxx/CVE-2009-3746.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3746",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3746",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-29-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-29-1"
},
{
"name" : "268288",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268288-1"
},
{
"name" : "oval:org.mitre.oval:def:6644",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6644"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, a different vulnerability than CVE-2009-1276 and CVE-2009-2711."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-29-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-120094-29-1"
},
{
"name": "oval:org.mitre.oval:def:6644",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6644"
},
{
"name": "268288",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-268288-1"
}
]
}
}

250
2009/3xxx/CVE-2009-3956.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3956",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2009-3956",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt",
"refsource" : "MISC",
"url" : "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt"
},
{
"name" : "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf",
"refsource" : "MISC",
"url" : "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf"
},
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=554296",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"name" : "RHSA-2010:0060",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"name" : "SUSE-SA:2010:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name" : "TA10-013A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
},
{
"name" : "37763",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37763"
},
{
"name" : "oval:org.mitre.oval:def:8327",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327"
},
{
"name" : "1023446",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023446"
},
{
"name" : "38138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38138"
},
{
"name" : "38215",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38215"
},
{
"name" : "ADV-2010-0103",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0103"
},
{
"name" : "acrobat-reader-unspec-xss(55554)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55554"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "acrobat-reader-unspec-xss(55554)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55554"
},
{
"name": "38138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38138"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=554296",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"name": "RHSA-2010:0060",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0060.html"
},
{
"name": "37763",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37763"
},
{
"name": "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf",
"refsource": "MISC",
"url": "http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf"
},
{
"name": "ADV-2010-0103",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0103"
},
{
"name": "1023446",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023446"
},
{
"name": "38215",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38215"
},
{
"name": "SUSE-SA:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html"
},
{
"name": "TA10-013A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA10-013A.html"
},
{
"name": "oval:org.mitre.oval:def:8327",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8327"
},
{
"name": "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt",
"refsource": "MISC",
"url": "http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt"
}
]
}
}

130
2009/3xxx/CVE-2009-3964.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3964",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9502",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9502"
},
{
"name" : "36122",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36122"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9502",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9502"
},
{
"name": "36122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36122"
}
]
}
}

170
2009/4xxx/CVE-2009-4062.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/636670",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/636670"
},
{
"name" : "http://drupal.org/node/636678",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/636678"
},
{
"name" : "37059",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37059"
},
{
"name" : "60281",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/60281"
},
{
"name" : "37441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37441"
},
{
"name" : "printfriendly-unspecified-xss(54348)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54348"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Printfriendly module 6.x before 6.x-1.6 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37059",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37059"
},
{
"name": "60281",
"refsource": "OSVDB",
"url": "http://osvdb.org/60281"
},
{
"name": "http://drupal.org/node/636678",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/636678"
},
{
"name": "printfriendly-unspecified-xss(54348)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54348"
},
{
"name": "http://drupal.org/node/636670",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/636670"
},
{
"name": "37441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37441"
}
]
}
}

220
2009/4xxx/CVE-2009-4376.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4376",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4376",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4022",
"refsource" : "MISC",
"url" : "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4022"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2009-09.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294"
},
{
"name" : "FEDORA-2009-13592",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name" : "37407",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37407"
},
{
"name" : "61177",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/61177"
},
{
"name" : "oval:org.mitre.oval:def:16435",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16435"
},
{
"name" : "1023374",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023374"
},
{
"name" : "37842",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37842"
},
{
"name" : "37916",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37916"
},
{
"name" : "ADV-2009-3596",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3596"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4022",
"refsource": "MISC",
"url": "https://bugs.wireshark.org/bugzilla/attachment.cgi?id=4022"
},
{
"name": "37916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37916"
},
{
"name": "oval:org.mitre.oval:def:16435",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16435"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294"
},
{
"name": "37842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37842"
},
{
"name": "ADV-2009-3596",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3596"
},
{
"name": "61177",
"refsource": "OSVDB",
"url": "http://osvdb.org/61177"
},
{
"name": "FEDORA-2009-13592",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01248.html"
},
{
"name": "37407",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37407"
},
{
"name": "1023374",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023374"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2009-09.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2009-09.html"
}
]
}
}

190
2009/4xxx/CVE-2009-4698.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9249",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9249"
},
{
"name" : "9261",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9261"
},
{
"name" : "35820",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35820"
},
{
"name" : "56593",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56593"
},
{
"name" : "56594",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/56594"
},
{
"name" : "56595",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56595"
},
{
"name" : "35966",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35966"
},
{
"name" : "celepar-aviso-sql-injection(51985)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51985"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Qas (aka Quas) module for XOOPS Celepar allow remote attackers to execute arbitrary SQL commands via the codigo parameter to (1) aviso.php and (2) imprimir.php, and the (3) cod_categoria parameter to categoria.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56593",
"refsource": "OSVDB",
"url": "http://osvdb.org/56593"
},
{
"name": "35820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35820"
},
{
"name": "56594",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56594"
},
{
"name": "9261",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9261"
},
{
"name": "9249",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9249"
},
{
"name": "56595",
"refsource": "OSVDB",
"url": "http://osvdb.org/56595"
},
{
"name": "celepar-aviso-sql-injection(51985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51985"
},
{
"name": "35966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35966"
}
]
}
}

120
2009/4xxx/CVE-2009-4917.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4917",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4917",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (device reload) via a high volume of SIP traffic, aka Bug ID CSCsr65901."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
}
]
}
}

130
2012/2xxx/CVE-2012-2356.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2356",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120523 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2012/05/23/2"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120523 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/05/23/2"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239"
}
]
}
}

300
2012/2xxx/CVE-2012-2875.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2875",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2875",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=134955",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=134955"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=135488",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=135488"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137106",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137106"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137288",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137288"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137302",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137302"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137547",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137547"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137556",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137556"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137606",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137606"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137635",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137635"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137880",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137880"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=137928",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=137928"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=144579",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=144579"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=145079",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=145079"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=145121",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=145121"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=145163",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=145163"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=146462",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=146462"
},
{
"name" : "oval:org.mitre.oval:def:15627",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15627"
},
{
"name" : "google-chrome-cve20122875(78836)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the PDF functionality in Google Chrome before 22.0.1229.79 allow remote attackers to have an unknown impact via a crafted document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://code.google.com/p/chromium/issues/detail?id=144579",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=144579"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137288",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137288"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=145163",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=145163"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=134955",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=134955"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137106",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137106"
},
{
"name": "google-chrome-cve20122875(78836)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78836"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137556",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137556"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137880",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137880"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137606",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137606"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=145121",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=145121"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/09/stable-channel-update_25.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=145079",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=145079"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137928",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137928"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137547",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137547"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=146462",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=146462"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137635",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137635"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=137302",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=137302"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=135488",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=135488"
},
{
"name": "oval:org.mitre.oval:def:15627",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15627"
}
]
}
}

140
2015/0xxx/CVE-2015-0056.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1623 and CVE-2015-1626."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2015-0056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS15-018",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018"
},
{
"name" : "72924",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72924"
},
{
"name" : "1031888",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka \"Internet Explorer Memory Corruption Vulnerability,\" a different vulnerability than CVE-2015-1623 and CVE-2015-1626."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS15-018",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-018"
},
{
"name": "1031888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031888"
},
{
"name": "72924",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72924"
}
]
}
}

190
2015/0xxx/CVE-2015-0335.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-0335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html"
},
{
"name" : "GLSA-201503-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-09"
},
{
"name" : "RHSA-2015:0697",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0697.html"
},
{
"name" : "SUSE-SU-2015:0491",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html"
},
{
"name" : "SUSE-SU-2015:0493",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html"
},
{
"name" : "openSUSE-SU-2015:0490",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html"
},
{
"name" : "openSUSE-SU-2015:0496",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html"
},
{
"name" : "1031922",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031922"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0332, CVE-2015-0333, and CVE-2015-0339."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:0490",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00014.html"
},
{
"name": "GLSA-201503-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-09"
},
{
"name": "1031922",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031922"
},
{
"name": "SUSE-SU-2015:0493",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00016.html"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-05.html"
},
{
"name": "openSUSE-SU-2015:0496",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00017.html"
},
{
"name": "RHSA-2015:0697",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0697.html"
},
{
"name": "SUSE-SU-2015:0491",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00015.html"
}
]
}
}

130
2015/0xxx/CVE-2015-0453.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via vectors related to PORTAL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name" : "1032125",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032125"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via vectors related to PORTAL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
},
{
"name": "1032125",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032125"
}
]
}
}

180
2015/1xxx/CVE-2015-1214.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=445810",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=445810"
},
{
"name" : "https://skia.googlesource.com/skia/+/23d432080cb8506bf8e371b1637ce8f2de9c0c05",
"refsource" : "CONFIRM",
"url" : "https://skia.googlesource.com/skia/+/23d432080cb8506bf8e371b1637ce8f2de9c0c05"
},
{
"name" : "GLSA-201503-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-12"
},
{
"name" : "RHSA-2015:0627",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"name" : "USN-2521-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2521-1"
},
{
"name" : "72901",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72901"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the SkAutoSTArray implementation in include/core/SkTemplates.h in the filters implementation in Skia, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a reset action with a large count value, leading to an out-of-bounds write operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2521-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2521-1"
},
{
"name": "72901",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72901"
},
{
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "RHSA-2015:0627",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=445810",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=445810"
},
{
"name": "https://skia.googlesource.com/skia/+/23d432080cb8506bf8e371b1637ce8f2de9c0c05",
"refsource": "CONFIRM",
"url": "https://skia.googlesource.com/skia/+/23d432080cb8506bf8e371b1637ce8f2de9c0c05"
}
]
}
}

150
2015/1xxx/CVE-2015-1232.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1232",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=456516",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=456516"
},
{
"name" : "https://codereview.chromium.org/907793002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/907793002"
},
{
"name" : "GLSA-201503-12",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-12"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in the MidiManagerUsb::DispatchSendMidiData function in media/midi/midi_manager_usb.cc in Google Chrome before 41.0.2272.76 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging renderer access to provide an invalid port index that triggers an out-of-bounds write operation, a different vulnerability than CVE-2015-1212."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://codereview.chromium.org/907793002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/907793002"
},
{
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=456516",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=456516"
}
]
}
}

34
2015/1xxx/CVE-2015-1439.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1439",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1439",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

180
2015/1xxx/CVE-2015-1848.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/attachment.cgi?id=1009855",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
},
{
"name" : "FEDORA-2015-8761",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html"
},
{
"name" : "FEDORA-2015-8765",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html"
},
{
"name" : "FEDORA-2015-8788",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html"
},
{
"name" : "RHSA-2015:0980",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0980.html"
},
{
"name" : "RHSA-2015:0990",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0990.html"
},
{
"name" : "74623",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74623"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. NOTE: this issue was SPLIT per ADT2 due to different vulnerability types. CVE-2015-3983 is for the issue with not setting the HTTPOnly flag."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:0990",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0990.html"
},
{
"name": "FEDORA-2015-8761",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159374.html"
},
{
"name": "https://bugzilla.redhat.com/attachment.cgi?id=1009855",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/attachment.cgi?id=1009855"
},
{
"name": "RHSA-2015:0980",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0980.html"
},
{
"name": "FEDORA-2015-8765",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159412.html"
},
{
"name": "FEDORA-2015-8788",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/159401.html"
},
{
"name": "74623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74623"
}
]
}
}

180
2015/4xxx/CVE-2015-4454.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4454",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4454",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.cacti.net/view.php?id=2572",
"refsource" : "CONFIRM",
"url" : "http://bugs.cacti.net/view.php?id=2572"
},
{
"name" : "http://www.cacti.net/release_notes_0_8_8d.php",
"refsource" : "CONFIRM",
"url" : "http://www.cacti.net/release_notes_0_8_8d.php"
},
{
"name" : "DSA-3295",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3295"
},
{
"name" : "FEDORA-2016-4a5ce6a6c0",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183454.html"
},
{
"name" : "FEDORA-2016-852a39e085",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183919.html"
},
{
"name" : "FEDORA-2016-a8e2be0fe6",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html"
},
{
"name" : "75270",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the get_hash_graph_template function in lib/functions.php in Cacti before 0.8.8d allows remote attackers to execute arbitrary SQL commands via the graph_template_id parameter to graph_templates.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2016-a8e2be0fe6",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183449.html"
},
{
"name": "http://www.cacti.net/release_notes_0_8_8d.php",
"refsource": "CONFIRM",
"url": "http://www.cacti.net/release_notes_0_8_8d.php"
},
{
"name": "http://bugs.cacti.net/view.php?id=2572",
"refsource": "CONFIRM",
"url": "http://bugs.cacti.net/view.php?id=2572"
},
{
"name": "FEDORA-2016-852a39e085",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183919.html"
},
{
"name": "75270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75270"
},
{
"name": "DSA-3295",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3295"
},
{
"name": "FEDORA-2016-4a5ce6a6c0",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183454.html"
}
]
}
}

130
2015/5xxx/CVE-2015-5020.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5020",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5020",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967923",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21967923"
},
{
"name" : "1034561",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034561"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, 3.0.0.2, and 4.0 allows remote authenticated users to bypass intended access restrictions and truncate arbitrary tables via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21967923",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967923"
},
{
"name": "1034561",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034561"
}
]
}
}

140
2015/5xxx/CVE-2015-5356.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5356",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/GetSimpleCMS/GetSimpleCMS/commit/cb1845743bd11ba74a49b6b522c080df86a17d51",
"refsource" : "CONFIRM",
"url" : "https://github.com/GetSimpleCMS/GetSimpleCMS/commit/cb1845743bd11ba74a49b6b522c080df86a17d51"
},
{
"name" : "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1059",
"refsource" : "CONFIRM",
"url" : "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1059"
},
{
"name" : "https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6",
"refsource" : "CONFIRM",
"url" : "https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in GetSimple CMS before 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the func parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6",
"refsource": "CONFIRM",
"url": "https://github.com/GetSimpleCMS/GetSimpleCMS/releases/tag/v3.3.6"
},
{
"name": "https://github.com/GetSimpleCMS/GetSimpleCMS/commit/cb1845743bd11ba74a49b6b522c080df86a17d51",
"refsource": "CONFIRM",
"url": "https://github.com/GetSimpleCMS/GetSimpleCMS/commit/cb1845743bd11ba74a49b6b522c080df86a17d51"
},
{
"name": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1059",
"refsource": "CONFIRM",
"url": "https://github.com/GetSimpleCMS/GetSimpleCMS/issues/1059"
}
]
}
}

150
2015/5xxx/CVE-2015-5369.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends",
"refsource" : "MISC",
"url" : "https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756"
},
{
"name" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004",
"refsource" : "CONFIRM",
"url" : "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004"
},
{
"name" : "1033166",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033166"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, PCS6500, and MAG PSC360 8.1 before 8.1r5, 8.0 before 8.0r13, 7.4 before 7.4r13.5, and 7.1 before 7.1r22.2 and PPS 5.1 before 5.1R5 and 5.0 before 5.0R13, when Hardware Acceleration is enabled, does not properly validate the Finished TLS handshake message, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted Finished message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends",
"refsource": "MISC",
"url": "https://vivaldi.net/en-US/blogs/entry/the-poodle-has-friends"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16756"
},
{
"name": "1033166",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033166"
},
{
"name": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004",
"refsource": "CONFIRM",
"url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40004"
}
]
}
}

170
2015/5xxx/CVE-2015-5773.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5773",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT205030",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205030"
},
{
"name" : "https://support.apple.com/kb/HT205031",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205031"
},
{
"name" : "APPLE-SA-2015-08-13-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name" : "APPLE-SA-2015-08-13-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name" : "76343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76343"
},
{
"name" : "1033275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted office document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "APPLE-SA-2015-08-13-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name": "https://support.apple.com/kb/HT205031",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205031"
},
{
"name": "76343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76343"
}
]
}
}

122
2018/3xxx/CVE-2018-3871.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-19T00:00:00",
"ID" : "CVE-2018-3871",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Canvas Draw",
"version" : {
"version_data" : [
{
"version_value" : "ACD Systems Canvas Draw 4.0.0"
}
]
}
}
]
},
"vendor_name" : "ACD Systems"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-787: Out-of-bounds Write"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-19T00:00:00",
"ID": "CVE-2018-3871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Canvas Draw",
"version": {
"version_data": [
{
"version_value": "ACD Systems Canvas Draw 4.0.0"
}
]
}
}
]
},
"vendor_name": "ACD Systems"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0553",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0553"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787: Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0553",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0553"
}
]
}
}

122
2018/3xxx/CVE-2018-3878.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-26T00:00:00",
"ID" : "CVE-2018-3878",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SmartThings Hub STH-ETH-250",
"version" : {
"version_data" : [
{
"version_value" : "Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name" : "Samsung"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long \"region\" value in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer copy without checking size"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-26T00:00:00",
"ID": "CVE-2018-3878",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartThings Hub STH-ETH-250",
"version": {
"version_data": [
{
"version_value": "Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name": "Samsung"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0555",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long \"region\" value in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer copy without checking size"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0555",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0555"
}
]
}
}

160
2018/6xxx/CVE-2018-6003.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6003",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6003",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1535926",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"name" : "https://bugzilla.suse.com/show_bug.cgi?id=1076832",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"name" : "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910",
"refsource" : "CONFIRM",
"url" : "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"name" : "DSA-4106",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the _asn1_decode_simple_ber function in decoding.c in GNU Libtasn1 before 4.13. Unlimited recursion in the BER decoder leads to stack exhaustion and DoS."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910",
"refsource": "CONFIRM",
"url": "https://gitlab.com/gnutls/libtasn1/commit/946565d8eb05fbf7970ea366e817581bb5a90910"
},
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1076832",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1076832"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1535926"
},
{
"name": "DSA-4106",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4106"
},
{
"name": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97",
"refsource": "CONFIRM",
"url": "http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/?id=c593ae84cfcde8fea45787e53950e0ac71e9ca97"
}
]
}
}

130
2018/6xxx/CVE-2018-6235.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@trendmicro.com",
"ID" : "CVE-2018-6235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Trend Micro Maximum Security",
"version" : {
"version_data" : [
{
"version_value" : "2018"
}
]
}
}
]
},
"vendor_name" : "Trend Micro"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out-of-Bounds Write Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "security@trendmicro.com",
"ID": "CVE-2018-6235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Trend Micro Maximum Security",
"version": {
"version_data": [
{
"version_value": "2018"
}
]
}
}
]
},
"vendor_name": "Trend Micro"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-269/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-269/"
},
{
"name" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx",
"refsource" : "CONFIRM",
"url" : "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An Out-of-Bounds write privilege escalation vulnerability in Trend Micro Maximum Security (Consumer) 2018 could allow a local attacker to escalate privileges on vulnerable installations due to a flaw within processing of IOCTL 0x222814 by the tmnciesc.sys driver. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out-of-Bounds Write Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-269/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-269/"
},
{
"name": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx",
"refsource": "CONFIRM",
"url": "https://esupport.trendmicro.com/en-us/home/pages/technical-support/1119591.aspx"
}
]
}
}

150
2018/6xxx/CVE-2018-6527.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6527",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6527",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource" : "MISC",
"url" : "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name" : "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource" : "CONFIRM",
"url" : "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name" : "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource" : "CONFIRM",
"url" : "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource" : "CONFIRM",
"url" : "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-868L/REVA/DIR-868L_REVA_FIRMWARE_PATCH_NOTES_1.20B01_EN_WW.pdf"
},
{
"name": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://FTP2.DLINK.COM/SECURITY_ADVISEMENTS/DIR-860L/REVA/DIR-860L_REVA_FIRMWARE_PATCH_NOTES_1.11B01_EN_WW.pdf"
},
{
"name": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto",
"refsource": "MISC",
"url": "https://github.com/TheBeeMan/Pwning-multiple-dlink-router-via-SOAP-proto"
},
{
"name": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf",
"refsource": "CONFIRM",
"url": "ftp://ftp2.dlink.com/SECURITY_ADVISEMENTS/DIR-865L/REVA/DIR-865L_REVA_FIRMWARE_PATCH_NOTES_1.10B01_EN_WW.pdf"
}
]
}
}

34
2018/6xxx/CVE-2018-6847.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6847",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6847",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/6xxx/CVE-2018-6904.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6904",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6904",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://0day4u.wordpress.com/2018/03/12/car-rental-script-stored-xss/",
"refsource" : "MISC",
"url" : "https://0day4u.wordpress.com/2018/03/12/car-rental-script-stored-xss/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://0day4u.wordpress.com/2018/03/12/car-rental-script-stored-xss/",
"refsource": "MISC",
"url": "https://0day4u.wordpress.com/2018/03/12/car-rental-script-stored-xss/"
}
]
}
}

120
2018/6xxx/CVE-2018-6944.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for WordPress has a cross-site scripting vulnerability because it fails to properly sanitize user input passed to the $temp variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/146403/WordPress-UltimateMember-2.0-Cross-Site-Scripting.html"
}
]
}
}

34
2018/7xxx/CVE-2018-7426.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7426",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7426",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7965.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7965",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7965",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2018. Notes: none."
}
]
}
}

152
2018/8xxx/CVE-2018-8299.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8299",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft SharePoint",
"version" : {
"version_data" : [
{
"version_value" : "Enterprise Server 2013 Service Pack 1"
},
{
"version_value" : "Enterprise Server 2016"
},
{
"version_value" : "Foundation 2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8299",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft SharePoint",
"version": {
"version_data": [
{
"version_value": "Enterprise Server 2013 Service Pack 1"
},
{
"version_value": "Enterprise Server 2016"
},
{
"version_value": "Foundation 2013 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299"
},
{
"name" : "104610",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104610"
},
{
"name" : "1041261",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041261"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka \"Microsoft SharePoint Elevation of Privilege Vulnerability.\" This affects Microsoft SharePoint. This CVE ID is unique from CVE-2018-8323."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8299"
},
{
"name": "104610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104610"
},
{
"name": "1041261",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041261"
}
]
}
}

164
2018/8xxx/CVE-2018-8914.json
View File

@ -1,84 +1,84 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@synology.com",
"DATE_PUBLIC" : "2018-05-10T00:00:00",
"ID" : "CVE-2018-8914",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Media Server",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "1.7.6-2842"
},
{
"affected" : "<",
"version_value" : "1.4-2654"
}
]
}
}
]
},
"vendor_name" : "Synology"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 7.3,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "NONE",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Special Elements used in an SQL Command (CWE-89)"
}
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2018-05-10T00:00:00",
"ID": "CVE-2018-8914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Media Server",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "1.7.6-2842"
},
{
"affected": "<",
"version_value": "1.4-2654"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.synology.com/en-global/support/security/Synology_SA_18_04",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/en-global/support/security/Synology_SA_18_04"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in UPnP DMA in Synology Media Server before 1.7.6-2842 and before 1.4-2654 allows remote attackers to execute arbitrary SQL commands via the ObjectID parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Special Elements used in an SQL Command (CWE-89)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/en-global/support/security/Synology_SA_18_04",
"refsource": "CONFIRM",
"url": "https://www.synology.com/en-global/support/security/Synology_SA_18_04"
}
]
}
}