admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 05:01:03 +00:00
parent e507f2841c
commit 5e8062fc75
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
51 changed files with 3592 additions and 3592 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
1999/1xxx/CVE-1999-1275.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1275",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1275",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19970908 Password unsecurity in cc:Mail release 8",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/9478"
},
{
"name" : "lotus-ccmail-passwords(1619)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1619"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "lotus-ccmail-passwords(1619)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1619"
},
{
"name": "19970908 Password unsecurity in cc:Mail release 8",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/9478"
}
]
}
}

34
2005/0xxx/CVE-2005-0168.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0168",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-0168",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}

130
2005/2xxx/CVE-2005-2022.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2022",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2022",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "101770",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101770-1"
},
{
"name" : "ADV-2005-0816",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0816"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-0816",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0816"
},
{
"name": "101770",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101770-1"
}
]
}
}

120
2005/2xxx/CVE-2005-2541.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2541",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050804 tar preserves setuid bit",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112327628230258&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050804 tar preserves setuid bit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112327628230258&w=2"
}
]
}
}

140
2005/2xxx/CVE-2005-2683.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050822 SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112474427221031&w=2"
},
{
"name" : "14629",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14629"
},
{
"name" : "16531",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16531/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14629"
},
{
"name": "16531",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16531/"
},
{
"name": "20050822 SQL Injection and PHP Code Injection Vulnerabilities in PHPKit 1.6.1",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112474427221031&w=2"
}
]
}
}

220
2005/2xxx/CVE-2005-2919.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2919",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=356974",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"name" : "DSA-824",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-824"
},
{
"name" : "GLSA-200509-13",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"name" : "MDKSA-2005:166",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:166"
},
{
"name" : "SUSE-SA:2005:055",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"name" : "14867",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14867"
},
{
"name" : "ADV-2005-1774",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1774"
},
{
"name" : "19507",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19507"
},
{
"name" : "16989",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16989"
},
{
"name" : "16848",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16848"
},
{
"name" : "clam-antivirus-fsg-dos(22308)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2005:055",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"name": "19507",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19507"
},
{
"name": "16989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16989"
},
{
"name": "DSA-824",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"name": "clam-antivirus-fsg-dos(22308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22308"
},
{
"name": "MDKSA-2005:166",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:166"
},
{
"name": "GLSA-200509-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"name": "16848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16848"
},
{
"name": "14867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14867"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=356974",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"name": "ADV-2005-1774",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1774"
}
]
}
}

220
2005/3xxx/CVE-2005-3258.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3258",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain \"odd\" responses."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-3258",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"name" : "SUSE-SR:2005:027",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name" : "ADV-2005-2151",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2151"
},
{
"name" : "1015085",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015085"
},
{
"name" : "17271",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17271"
},
{
"name" : "17287",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17287"
},
{
"name" : "17338",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17338"
},
{
"name" : "17407",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17407"
},
{
"name" : "17513",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17513"
},
{
"name" : "17626",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17626"
},
{
"name" : "17645",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17645"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain \"odd\" responses."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17626"
},
{
"name": "1015085",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015085"
},
{
"name": "17287",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17287"
},
{
"name": "17513",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17513"
},
{
"name": "17338",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17338"
},
{
"name": "17645",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17645"
},
{
"name": "17271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17271"
},
{
"name": "ADV-2005-2151",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2151"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE11-rfc1738_do_escape"
},
{
"name": "SUSE-SR:2005:027",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_27_sr.html"
},
{
"name": "17407",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17407"
}
]
}
}

290
2005/3xxx/CVE-2005-3313.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3313",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3313",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "GLSA-200510-25",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml"
},
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00022.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00022.html"
},
{
"name" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00005.html",
"refsource" : "CONFIRM",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00005.html"
},
{
"name" : "RHSA-2006:0156",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0156.html"
},
{
"name" : "20060201-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
},
{
"name" : "SUSE-SR:2006:005",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name" : "SUSE-SR:2005:025",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_25_sr.html"
},
{
"name" : "15219",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15219"
},
{
"name" : "oval:org.mitre.oval:def:10616",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10616"
},
{
"name" : "1015414",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015414"
},
{
"name" : "17370",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17370"
},
{
"name" : "17377",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17377"
},
{
"name" : "18426",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18426"
},
{
"name" : "19130",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19130"
},
{
"name" : "19230",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19230"
},
{
"name" : "17480",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17480"
},
{
"name" : "18331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18331"
},
{
"name" : "18911",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18911"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200510-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-25.xml"
},
{
"name": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00005.html",
"refsource": "CONFIRM",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00005.html"
},
{
"name": "SUSE-SR:2006:005",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_sr.html"
},
{
"name": "17480",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17480"
},
{
"name": "18911",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18911"
},
{
"name": "19230",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19230"
},
{
"name": "RHSA-2006:0156",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2006-0156.html"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00022.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00022.html"
},
{
"name": "SUSE-SR:2005:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_25_sr.html"
},
{
"name": "15219",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15219"
},
{
"name": "19130",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19130"
},
{
"name": "1015414",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015414"
},
{
"name": "17370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17370"
},
{
"name": "oval:org.mitre.oval:def:10616",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10616"
},
{
"name": "20060201-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U"
},
{
"name": "17377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17377"
},
{
"name": "18426",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18426"
},
{
"name": "18331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18331"
}
]
}
}

120
2005/4xxx/CVE-2005-4025.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1015307",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Help Desk Reloaded Free Help Desk does not remove or protect install.php once installation is complete, which allows remote attackers to gain privileges via a direct request to install.php, then navigating to accountsetup.php and creating a new user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015307",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015307"
}
]
}
}

150
2005/4xxx/CVE-2005-4164.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4164",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4164",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2005-2768",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2768"
},
{
"name" : "21456",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21456"
},
{
"name" : "17885",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17885"
},
{
"name" : "phpaddressbook-view-sql-injection(23506)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23506"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpaddressbook-view-sql-injection(23506)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23506"
},
{
"name": "21456",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21456"
},
{
"name": "17885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17885"
},
{
"name": "ADV-2005-2768",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2768"
}
]
}
}

150
2005/4xxx/CVE-2005-4239.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4239",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/php-jackknife-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/php-jackknife-xss-vuln.html"
},
{
"name" : "15841",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15841"
},
{
"name" : "ADV-2005-2877",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2877"
},
{
"name" : "18020",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18020"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2877",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2877"
},
{
"name": "http://pridels0.blogspot.com/2005/12/php-jackknife-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/php-jackknife-xss-vuln.html"
},
{
"name": "18020",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18020"
},
{
"name": "15841",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15841"
}
]
}
}

150
2005/4xxx/CVE-2005-4672.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4672",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4672",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "13260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13260"
},
{
"name" : "1013751",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013751"
},
{
"name" : "15010",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15010"
},
{
"name" : "citypostimagecropper-multiple-xss(20161)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20161"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "citypostimagecropper-multiple-xss(20161)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20161"
},
{
"name": "15010",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15010"
},
{
"name": "13260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13260"
},
{
"name": "1013751",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013751"
}
]
}
}

140
2009/2xxx/CVE-2009-2012.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2012",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "260508",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-260508-1"
},
{
"name" : "35252",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35252"
},
{
"name" : "ADV-2009-1519",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1519"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "260508",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-260508-1"
},
{
"name": "35252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35252"
},
{
"name": "ADV-2009-1519",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1519"
}
]
}
}

160
2009/2xxx/CVE-2009-2491.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2491",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to \"resource leaks.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2491",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1"
},
{
"name" : "253889",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253889-1"
},
{
"name" : "55978",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55978"
},
{
"name" : "ADV-2009-1915",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1915"
},
{
"name" : "sunray-utaudiod-unauth-access(51742)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51742"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when Solaris Trusted Extensions is enabled, allows local users to access the sessions of arbitrary users via unknown vectors related to \"resource leaks.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "253889",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253889-1"
},
{
"name": "55978",
"refsource": "OSVDB",
"url": "http://osvdb.org/55978"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-06-1"
},
{
"name": "sunray-utaudiod-unauth-access(51742)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51742"
},
{
"name": "ADV-2009-1915",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1915"
}
]
}
}

180
2009/2xxx/CVE-2009-2588.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2588",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt"
},
{
"name" : "56167",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56167"
},
{
"name" : "56168",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56168"
},
{
"name" : "56169",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56169"
},
{
"name" : "35892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35892"
},
{
"name" : "ADV-2009-1979",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1979"
},
{
"name" : "hotscriptsclone-msg-xss(51911)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51911"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type PHP Clone Script allow remote attackers to inject arbitrary web script or HTML via the msg parameter to (1) feedback.php, (2) index.php, and (3) lostpassword.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/hotscriptsclone-xss.txt"
},
{
"name": "ADV-2009-1979",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1979"
},
{
"name": "hotscriptsclone-msg-xss(51911)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51911"
},
{
"name": "35892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35892"
},
{
"name": "56167",
"refsource": "OSVDB",
"url": "http://osvdb.org/56167"
},
{
"name": "56168",
"refsource": "OSVDB",
"url": "http://osvdb.org/56168"
},
{
"name": "56169",
"refsource": "OSVDB",
"url": "http://osvdb.org/56169"
}
]
}
}

160
2009/3xxx/CVE-2009-3312.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3312",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3312",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9703",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9703"
},
{
"name" : "58181",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/58181"
},
{
"name" : "36730",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36730"
},
{
"name" : "ADV-2009-2686",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2686"
},
{
"name" : "phppollscript-initpoll-file-include(53316)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in php/init.poll.php in phpPollScript 1.3 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a crafted URL in the include_class parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9703",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9703"
},
{
"name": "58181",
"refsource": "OSVDB",
"url": "http://osvdb.org/58181"
},
{
"name": "phppollscript-initpoll-file-include(53316)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53316"
},
{
"name": "36730",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36730"
},
{
"name": "ADV-2009-2686",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2686"
}
]
}
}

130
2009/3xxx/CVE-2009-3351.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/572852",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/572852"
},
{
"name" : "36325",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36325"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/572852",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/572852"
},
{
"name": "36325",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36325"
}
]
}
}

170
2009/3xxx/CVE-2009-3463.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3463",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2009-3463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb09-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb09-16.html"
},
{
"name" : "36905",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36905"
},
{
"name" : "oval:org.mitre.oval:def:5677",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5677"
},
{
"name" : "1023123",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023123"
},
{
"name" : "ADV-2009-3134",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3134"
},
{
"name" : "shockwave-index-code-execution(54118)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "shockwave-index-code-execution(54118)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54118"
},
{
"name": "36905",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36905"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb09-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb09-16.html"
},
{
"name": "oval:org.mitre.oval:def:5677",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5677"
},
{
"name": "ADV-2009-3134",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3134"
},
{
"name": "1023123",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023123"
}
]
}
}

160
2009/3xxx/CVE-2009-3665.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3665",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3665",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090909 Nullam Blog Multiple Remote Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506380/100/0/threaded"
},
{
"name" : "9625",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9625"
},
{
"name" : "57920",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/57920"
},
{
"name" : "36648",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36648"
},
{
"name" : "nullam-index-sql-injection(53218)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53218"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in Nullam Blog 0.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) i parameter or (2) v parameters in a register action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9625",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9625"
},
{
"name": "nullam-index-sql-injection(53218)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53218"
},
{
"name": "57920",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/57920"
},
{
"name": "20090909 Nullam Blog Multiple Remote Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506380/100/0/threaded"
},
{
"name": "36648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36648"
}
]
}
}

34
2009/3xxx/CVE-2009-3679.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3679",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-3679",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}

160
2009/4xxx/CVE-2009-4386.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091211 B2C Booking Centre Systems - SQL Injection Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508429/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.org/0912-exploits/b2cbcs-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/b2cbcs-sql.txt"
},
{
"name" : "10393",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10393"
},
{
"name" : "32430",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/32430"
},
{
"name" : "ADV-2009-3538",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3538"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "10393",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10393"
},
{
"name": "32430",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32430"
},
{
"name": "http://packetstormsecurity.org/0912-exploits/b2cbcs-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/b2cbcs-sql.txt"
},
{
"name": "20091211 B2C Booking Centre Systems - SQL Injection Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508429/100/0/threaded"
},
{
"name": "ADV-2009-3538",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3538"
}
]
}
}

150
2009/4xxx/CVE-2009-4475.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4475",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9593",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9593"
},
{
"name" : "http://packetstormsecurity.org/0909-exploits/joomlajoomlub-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0909-exploits/joomlajoomlub-sql.txt"
},
{
"name" : "36287",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36287"
},
{
"name" : "36607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36607"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Joomlub (com_joomlub) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the aid parameter in an auction edit action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0909-exploits/joomlajoomlub-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0909-exploits/joomlajoomlub-sql.txt"
},
{
"name": "36287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36287"
},
{
"name": "9593",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9593"
},
{
"name": "36607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36607"
}
]
}
}

140
2009/4xxx/CVE-2009-4644.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.portcullis-security.com/338.php",
"refsource" : "MISC",
"url" : "http://www.portcullis-security.com/338.php"
},
{
"name" : "38176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38176"
},
{
"name" : "fta-menushell-command-execution(56248)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56248"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "38176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38176"
},
{
"name": "http://www.portcullis-security.com/338.php",
"refsource": "MISC",
"url": "http://www.portcullis-security.com/338.php"
},
{
"name": "fta-menushell-command-execution(56248)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56248"
}
]
}
}

120
2009/4xxx/CVE-2009-4745.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091008 DreamPoll 3.1 Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507039/100/0/threaded"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in index.php in Dreamlevels DreamPoll 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) sortField, (2) sortDesc, or (3) pageNumber parameter in a login action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091008 DreamPoll 3.1 Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507039/100/0/threaded"
}
]
}
}

170
2009/4xxx/CVE-2009-4777.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4777",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service (\"abnormal\" termination) via vectors related to the display of an \"invalid GIF file.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html"
},
{
"name" : "36311",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36311"
},
{
"name" : "57832",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/57832"
},
{
"name" : "36646",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36646"
},
{
"name" : "ADV-2009-2576",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2576"
},
{
"name" : "hitachi-gif-dos(53115)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53115"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service (\"abnormal\" termination) via vectors related to the display of an \"invalid GIF file.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html"
},
{
"name": "hitachi-gif-dos(53115)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53115"
},
{
"name": "36646",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36646"
},
{
"name": "ADV-2009-2576",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2576"
},
{
"name": "57832",
"refsource": "OSVDB",
"url": "http://osvdb.org/57832"
},
{
"name": "36311",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36311"
}
]
}
}

140
2009/4xxx/CVE-2009-4965.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4965",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4965",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
},
{
"name" : "36130",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36130"
},
{
"name" : "ADV-2009-2411",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-2411",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2411"
},
{
"name": "36130",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36130"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-013/"
}
]
}
}

150
2015/0xxx/CVE-2015-0434.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors related to Integration with OAM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72226",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72226"
},
{
"name" : "62473",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62473"
},
{
"name" : "oracle-cpujan2015-cve20150434(100081)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100081"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors related to Integration with OAM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "62473",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62473"
},
{
"name": "72226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72226"
},
{
"name": "oracle-cpujan2015-cve20150434(100081)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100081"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
}
]
}
}

220
2015/0xxx/CVE-2015-0563.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0563",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2015-04.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2015-04.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10823",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10823"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=611cfd00c283e7a77a2f1fd89c01b0b9f691411b",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=611cfd00c283e7a77a2f1fd89c01b0b9f691411b"
},
{
"name" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=854157883bd1972e012c65c0418a9732ef5d9fb0",
"refsource" : "CONFIRM",
"url" : "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=854157883bd1972e012c65c0418a9732ef5d9fb0"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0019.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0019.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name" : "MDVSA-2015:022",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:022"
},
{
"name" : "openSUSE-SU-2015:0113",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html"
},
{
"name" : "71916",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71916"
},
{
"name" : "62612",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62612"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 uses an incorrect length value for certain string-append operations, which allows remote attackers to cause a denial of service (application crash) via a crafted packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://advisories.mageia.org/MGASA-2015-0019.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0019.html"
},
{
"name": "62612",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62612"
},
{
"name": "MDVSA-2015:022",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:022"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10823",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10823"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=611cfd00c283e7a77a2f1fd89c01b0b9f691411b",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=611cfd00c283e7a77a2f1fd89c01b0b9f691411b"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html"
},
{
"name": "71916",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71916"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2015-04.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2015-04.html"
},
{
"name": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=854157883bd1972e012c65c0418a9732ef5d9fb0",
"refsource": "CONFIRM",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=854157883bd1972e012c65c0418a9732ef5d9fb0"
},
{
"name": "openSUSE-SU-2015:0113",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-01/msg00053.html"
}
]
}
}

140
2015/0xxx/CVE-2015-0757.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0757",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0757",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150527 Cisco Identity Services Engine Information Disclosure Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39042"
},
{
"name" : "74864",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74864"
},
{
"name" : "1032420",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032420"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) and 1.3(0.722) does not properly implement session handlers, which allows remote attackers to obtain sensitive information by reading web pages, as demonstrated by MnT reports, aka Bug ID CSCuq23140."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150527 Cisco Identity Services Engine Information Disclosure Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39042"
},
{
"name": "74864",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74864"
},
{
"name": "1032420",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032420"
}
]
}
}

130
2015/1xxx/CVE-2015-1055.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1055",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1055",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150112 Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jan/36"
},
{
"name" : "72015",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the order_by parameter in a GalleryBox action to wp-admin/admin-ajax.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72015",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72015"
},
{
"name": "20150112 Wordpress Photo Gallery 1.2.7 unauthenticated SQL injection",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jan/36"
}
]
}
}

34
2015/1xxx/CVE-2015-1162.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1162",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1162",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2015/1xxx/CVE-2015-1269.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1269",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=461481",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=461481"
},
{
"name" : "https://codereview.chromium.org/1149753002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/1149753002"
},
{
"name" : "DSA-3315",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3315"
},
{
"name" : "GLSA-201507-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-18"
},
{
"name" : "RHSA-2015:1188",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1188.html"
},
{
"name" : "openSUSE-SU-2015:1872",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html"
},
{
"name" : "openSUSE-SU-2015:1146",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-06/msg00057.html"
},
{
"name" : "USN-2652-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2652-1"
},
{
"name" : "75336",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75336"
},
{
"name" : "1032731",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032731"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1872",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00012.html"
},
{
"name": "1032731",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032731"
},
{
"name": "75336",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75336"
},
{
"name": "https://codereview.chromium.org/1149753002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1149753002"
},
{
"name": "USN-2652-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2652-1"
},
{
"name": "RHSA-2015:1188",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1188.html"
},
{
"name": "openSUSE-SU-2015:1146",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-06/msg00057.html"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html"
},
{
"name": "GLSA-201507-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-18"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=461481",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=461481"
},
{
"name": "DSA-3315",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3315"
}
]
}
}

34
2015/1xxx/CVE-2015-1607.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1607",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1607",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2015/4xxx/CVE-2015-4717.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4717",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-007",
"refsource" : "CONFIRM",
"url" : "https://owncloud.org/security/advisory/?id=oc-sa-2015-007"
},
{
"name" : "DSA-3373",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3373"
},
{
"name" : "76161",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76161"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint file names."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3373",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3373"
},
{
"name": "76161",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76161"
},
{
"name": "https://owncloud.org/security/advisory/?id=oc-sa-2015-007",
"refsource": "CONFIRM",
"url": "https://owncloud.org/security/advisory/?id=oc-sa-2015-007"
}
]
}
}

34
2015/5xxx/CVE-2015-5142.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5142",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5142",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2015/5xxx/CVE-2015-5220.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5220",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5220",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255597",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1255597"
},
{
"name" : "RHSA-2015:1904",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1904.html"
},
{
"name" : "RHSA-2015:1905",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1905.html"
},
{
"name" : "RHSA-2015:1906",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1906.html"
},
{
"name" : "RHSA-2015:1907",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1907.html"
},
{
"name" : "RHSA-2015:1908",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1908.html"
},
{
"name" : "RHSA-2016:1519",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
},
{
"name" : "1033859",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033859"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Web Console in Red Hat Enterprise Application Platform (EAP) before 6.4.4 and WildFly (formerly JBoss Application Server) allows remote attackers to cause a denial of service (memory consumption) via a large request header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1905",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1905.html"
},
{
"name": "RHSA-2015:1904",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1904.html"
},
{
"name": "RHSA-2015:1908",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1908.html"
},
{
"name": "RHSA-2016:1519",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1519.html"
},
{
"name": "RHSA-2015:1907",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1907.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1255597",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1255597"
},
{
"name": "1033859",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033859"
},
{
"name": "RHSA-2015:1906",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1906.html"
}
]
}
}

160
2015/5xxx/CVE-2015-5367.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272"
},
{
"name" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm",
"refsource" : "CONFIRM",
"url" : "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm"
},
{
"name" : "HPSBHF03408",
"refsource" : "HP",
"url" : "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272"
},
{
"name" : "76171",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76171"
},
{
"name" : "1033414",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033414"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before 12.500.00.15.1803 on EliteBook, ElitePad, Elite, ProBook, Spectre, ZBook, and mt41 Thin Client devices allows local users to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBHF03408",
"refsource": "HP",
"url": "https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272"
},
{
"name": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm",
"refsource": "CONFIRM",
"url": "http://www1.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-446601.htm"
},
{
"name": "1033414",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033414"
},
{
"name": "76171",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76171"
},
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04773272"
}
]
}
}

190
2018/2xxx/CVE-2018-2573.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.6.38 and prior"
},
{
"version_affected" : "=",
"version_value" : "5.7.20 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.38 and prior"
},
{
"version_affected": "=",
"version_value": "5.7.20 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
},
{
"name" : "RHSA-2018:0586",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0586"
},
{
"name" : "RHSA-2018:0587",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0587"
},
{
"name" : "USN-3537-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3537-1/"
},
{
"name" : "102710",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102710"
},
{
"name" : "1040216",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: GIS). Supported versions that are affected are 5.6.38 and prior and 5.7.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0587",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0587"
},
{
"name": "USN-3537-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3537-1/"
},
{
"name": "RHSA-2018:0586",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0586"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "102710",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102710"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
},
{
"name": "1040216",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040216"
}
]
}
}

198
2018/2xxx/CVE-2018-2871.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2871",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Human Resources",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.1.1"
},
{
"version_affected" : "=",
"version_value" : "12.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
},
{
"version_affected" : "=",
"version_value" : "12.2.7"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Human Resources",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected": "=",
"version_value": "12.2.6"
},
{
"version_affected": "=",
"version_value": "12.2.7"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "103834",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103834"
},
{
"name" : "1040694",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040694"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Human Resources component of Oracle E-Business Suite (subcomponent: General Utilities). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data. CVSS 3.0 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Human Resources accessible data as well as unauthorized access to critical data or complete access to all Oracle Human Resources accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040694",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040694"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "103834",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103834"
}
]
}
}

140
2018/3xxx/CVE-2018-3146.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3146",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "iLearning",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "6.1"
},
{
"version_affected" : "=",
"version_value" : "6.2"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3146",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "iLearning",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "6.1"
},
{
"version_affected": "=",
"version_value": "6.2"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105646",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105646"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle iLearning component of Oracle iLearning (subcomponent: Learner Administration). Supported versions that are affected are 6.1 and 6.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iLearning. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iLearning, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iLearning accessible data as well as unauthorized update, insert or delete access to some of Oracle iLearning accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105646"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

34
2018/3xxx/CVE-2018-3456.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3456",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3456",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/6xxx/CVE-2018-6273.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6273",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6273",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

174
2018/6xxx/CVE-2018-6335.json
View File

@ -1,89 +1,89 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve-assign@fb.com",
"DATE_ASSIGNED" : "2018-04-13",
"ID" : "CVE-2018-6335",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HHVM",
"version" : {
"version_data" : [
{
"version_affected" : "!=>",
"version_value" : "3.25.3"
},
{
"version_affected" : "=>",
"version_value" : "3.25.0"
},
{
"version_affected" : "!=>",
"version_value" : "3.24.7"
},
{
"version_affected" : "=>",
"version_value" : "3.22.0"
},
{
"version_affected" : "!=>",
"version_value" : "3.21.11"
},
{
"version_affected" : "<",
"version_value" : "3.21.11"
}
]
}
}
]
},
"vendor_name" : "Facebook"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service (CWE-400)"
}
"CVE_data_meta": {
"ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED": "2018-04-13",
"ID": "CVE-2018-6335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HHVM",
"version": {
"version_data": [
{
"version_affected": "!=>",
"version_value": "3.25.3"
},
{
"version_affected": "=>",
"version_value": "3.25.0"
},
{
"version_affected": "!=>",
"version_value": "3.24.7"
},
{
"version_affected": "=>",
"version_value": "3.22.0"
},
{
"version_affected": "!=>",
"version_value": "3.21.11"
},
{
"version_affected": "<",
"version_value": "3.21.11"
}
]
}
}
]
},
"vendor_name": "Facebook"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56",
"refsource" : "MISC",
"url" : "https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56"
},
{
"name" : "https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html",
"refsource" : "MISC",
"url" : "https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Malformed h2 frame can cause 'std::out_of_range' exception when parsing priority meta data. This behavior can lead to denial-of-service. This affects all supported versions of HHVM (3.25.2, 3.24.6, and 3.21.10 and below) when using the proxygen server to handle HTTP2 requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service (CWE-400)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html",
"refsource": "MISC",
"url": "https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html"
},
{
"name": "https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56",
"refsource": "MISC",
"url": "https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56"
}
]
}
}

120
2018/6xxx/CVE-2018-6633.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6633",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000038."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6633",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/80000038",
"refsource" : "MISC",
"url" : "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/80000038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Micropoint proactive defense software 2.0.20266.0146, the driver file (mp110005.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x80000038."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/80000038",
"refsource": "MISC",
"url": "https://github.com/ZhiyuanWang-Chengdu-Qihoo360/Micropoint_POC/tree/master/mp110005/80000038"
}
]
}
}

200
2018/7xxx/CVE-2018-7540.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180306 [SECURITY] [DLA 1300-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html"
},
{
"name" : "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
},
{
"name" : "https://xenbits.xen.org/xsa/advisory-252.html",
"refsource" : "CONFIRM",
"url" : "https://xenbits.xen.org/xsa/advisory-252.html"
},
{
"name" : "https://support.citrix.com/article/CTX232655",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX232655"
},
{
"name" : "https://support.citrix.com/article/CTX232096",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX232096"
},
{
"name" : "DSA-4131",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4131"
},
{
"name" : "GLSA-201810-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-06"
},
{
"name" : "103174",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103174"
},
{
"name" : "1040773",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040773"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS users to cause a denial of service (host OS CPU hang) via non-preemptable L3/L4 pagetable freeing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-252.html",
"refsource": "CONFIRM",
"url": "https://xenbits.xen.org/xsa/advisory-252.html"
},
{
"name": "GLSA-201810-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-06"
},
{
"name": "1040773",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040773"
},
{
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
},
{
"name": "[debian-lts-announce] 20180306 [SECURITY] [DLA 1300-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00003.html"
},
{
"name": "103174",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103174"
},
{
"name": "DSA-4131",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4131"
},
{
"name": "https://support.citrix.com/article/CTX232655",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX232655"
},
{
"name": "https://support.citrix.com/article/CTX232096",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX232096"
}
]
}
}

310
2018/7xxx/CVE-2018-7600.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@drupal.org",
"ID" : "CVE-2018-7600",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1",
"version" : {
"version_data" : [
{
"version_value" : "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "security@drupal.org",
"ID": "CVE-2018-7600",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1",
"version": {
"version_data": [
{
"version_value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44448",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44448/"
},
{
"name" : "44449",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44449/"
},
{
"name" : "44482",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44482/"
},
{
"name" : "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
},
{
"name" : "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714",
"refsource" : "MISC",
"url" : "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
},
{
"name" : "https://github.com/a2u/CVE-2018-7600",
"refsource" : "MISC",
"url" : "https://github.com/a2u/CVE-2018-7600"
},
{
"name" : "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE",
"refsource" : "MISC",
"url" : "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
},
{
"name" : "https://greysec.net/showthread.php?tid=2912&pid=10561",
"refsource" : "MISC",
"url" : "https://greysec.net/showthread.php?tid=2912&pid=10561"
},
{
"name" : "https://research.checkpoint.com/uncovering-drupalgeddon-2/",
"refsource" : "MISC",
"url" : "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
},
{
"name" : "https://twitter.com/RicterZ/status/979567469726613504",
"refsource" : "MISC",
"url" : "https://twitter.com/RicterZ/status/979567469726613504"
},
{
"name" : "https://twitter.com/RicterZ/status/984495201354854401",
"refsource" : "MISC",
"url" : "https://twitter.com/RicterZ/status/984495201354854401"
},
{
"name" : "https://twitter.com/arancaytar/status/979090719003627521",
"refsource" : "MISC",
"url" : "https://twitter.com/arancaytar/status/979090719003627521"
},
{
"name" : "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know",
"refsource" : "MISC",
"url" : "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
},
{
"name" : "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/",
"refsource" : "MISC",
"url" : "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
},
{
"name" : "https://groups.drupal.org/security/faq-2018-002",
"refsource" : "CONFIRM",
"url" : "https://groups.drupal.org/security/faq-2018-002"
},
{
"name" : "https://www.drupal.org/sa-core-2018-002",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/sa-core-2018-002"
},
{
"name" : "https://www.synology.com/support/security/Synology_SA_18_17",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/support/security/Synology_SA_18_17"
},
{
"name" : "DSA-4156",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4156"
},
{
"name" : "103534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103534"
},
{
"name" : "1040598",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040598"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x before 8.5.1 allows remote attackers to execute arbitrary code because of an issue affecting multiple subsystems with default or common module configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE",
"refsource": "MISC",
"url": "https://github.com/g0rx/CVE-2018-7600-Drupal-RCE"
},
{
"name": "1040598",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040598"
},
{
"name": "https://twitter.com/arancaytar/status/979090719003627521",
"refsource": "MISC",
"url": "https://twitter.com/arancaytar/status/979090719003627521"
},
{
"name": "https://twitter.com/RicterZ/status/979567469726613504",
"refsource": "MISC",
"url": "https://twitter.com/RicterZ/status/979567469726613504"
},
{
"name": "https://www.drupal.org/sa-core-2018-002",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/sa-core-2018-002"
},
{
"name": "https://www.synology.com/support/security/Synology_SA_18_17",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_17"
},
{
"name": "https://github.com/a2u/CVE-2018-7600",
"refsource": "MISC",
"url": "https://github.com/a2u/CVE-2018-7600"
},
{
"name": "44482",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44482/"
},
{
"name": "https://research.checkpoint.com/uncovering-drupalgeddon-2/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/uncovering-drupalgeddon-2/"
},
{
"name": "https://groups.drupal.org/security/faq-2018-002",
"refsource": "CONFIRM",
"url": "https://groups.drupal.org/security/faq-2018-002"
},
{
"name": "DSA-4156",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4156"
},
{
"name": "[debian-lts-announce] 20180328 [SECURITY] [DLA 1325-1] drupal7 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00028.html"
},
{
"name": "44448",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44448/"
},
{
"name": "103534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103534"
},
{
"name": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/",
"refsource": "MISC",
"url": "https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/"
},
{
"name": "https://greysec.net/showthread.php?tid=2912&pid=10561",
"refsource": "MISC",
"url": "https://greysec.net/showthread.php?tid=2912&pid=10561"
},
{
"name": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714",
"refsource": "MISC",
"url": "https://blog.appsecco.com/remote-code-execution-with-drupal-core-sa-core-2018-002-95e6ecc0c714"
},
{
"name": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know",
"refsource": "MISC",
"url": "https://www.tenable.com/blog/critical-drupal-core-vulnerability-what-you-need-to-know"
},
{
"name": "https://twitter.com/RicterZ/status/984495201354854401",
"refsource": "MISC",
"url": "https://twitter.com/RicterZ/status/984495201354854401"
},
{
"name": "44449",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44449/"
}
]
}
}

140
2018/7xxx/CVE-2018-7703.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44285",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44285/"
},
{
"name" : "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/29"
},
{
"name" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html",
"refsource" : "MISC",
"url" : "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180312 SEC Consult SA-20180312-0 :: Multiple Critical Vulnerabilities in SecurEnvoy SecurMail",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/29"
},
{
"name": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html",
"refsource": "MISC",
"url": "https://www.sec-consult.com/en/blog/advisories/multiple-critical-vulnerabilities-in-securenvoy-securmail/index.html"
},
{
"name": "44285",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44285/"
}
]
}
}

34
2018/7xxx/CVE-2018-7834.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7834",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7834",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7878.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7878",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7878",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

222
2018/8xxx/CVE-2018-8224.json
View File

@ -1,113 +1,113 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8224",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8224"
},
{
"name" : "104381",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104381"
},
{
"name" : "1041093",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041093"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2008, Windows 7, Windows Server 2008 R2."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8224",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8224"
},
{
"name": "104381",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104381"
},
{
"name": "1041093",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041093"
}
]
}
}

34
2018/8xxx/CVE-2018-8673.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8673",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8673",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}