admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:53:29 +00:00
parent ac782a7063
commit 61e4841b68
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3715 additions and 3715 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2005/0xxx/CVE-2005-0224.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0224",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0224",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "SSRT5900",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=110726808700080&w=2"
},
{
"name" : "14082",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14082/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14082",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14082/"
},
{
"name": "SSRT5900",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=110726808700080&w=2"
}
]
}
}

170
2005/0xxx/CVE-2005-0581.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050302 Computer Associates License Client/Server GCR Checksum Buffer Overflow",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=215&type=vulnerabilities"
},
{
"name" : "20050302 Computer Associates License Client/Server GCR Network Buffer Overflow",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=214&type=vulnerabilities"
},
{
"name" : "20050302 Computer Associates License Client/Server GETCONFIG Buffer Overflow",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=213&type=vulnerabilities"
},
{
"name" : "20050302 Computer Associates License Client and Server Invalid Command Buffer Overflow",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=210&type=vulnerabilities"
},
{
"name" : "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp",
"refsource" : "CONFIRM",
"url" : "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp"
},
{
"name" : "20050302 License Patches Are Now Available To Address Buffer Overflows",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110979326828704&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050302 License Patches Are Now Available To Address Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110979326828704&w=2"
},
{
"name": "20050302 Computer Associates License Client and Server Invalid Command Buffer Overflow",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=210&type=vulnerabilities"
},
{
"name": "20050302 Computer Associates License Client/Server GCR Checksum Buffer Overflow",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=215&type=vulnerabilities"
},
{
"name": "20050302 Computer Associates License Client/Server GETCONFIG Buffer Overflow",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=213&type=vulnerabilities"
},
{
"name": "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp",
"refsource": "CONFIRM",
"url": "http://supportconnectw.ca.com/public/ca_common_docs/security_notice.asp"
},
{
"name": "20050302 Computer Associates License Client/Server GCR Network Buffer Overflow",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=214&type=vulnerabilities"
}
]
}
}

210
2005/0xxx/CVE-2005-0828.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050318 runcms highlight.php hole",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111117241923006&w=2"
},
{
"name" : "20050319 Ciamos Highlight.php Security Hole(IHS)",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111125645312693&w=2"
},
{
"name" : "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf",
"refsource" : "MISC",
"url" : "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name" : "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt",
"refsource" : "MISC",
"url" : "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"
},
{
"name" : "12848",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12848"
},
{
"name" : "14890",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/14890"
},
{
"name" : "1013485",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013485"
},
{
"name" : "14648",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14648"
},
{
"name" : "14641",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14641"
},
{
"name" : "ciamos-file-information-disclosure(19754)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013485",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013485"
},
{
"name": "20050319 Ciamos Highlight.php Security Hole(IHS)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111125645312693&w=2"
},
{
"name": "14890",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14890"
},
{
"name": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt",
"refsource": "MISC",
"url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"
},
{
"name": "12848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12848"
},
{
"name": "14648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14648"
},
{
"name": "20050318 runcms highlight.php hole",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111117241923006&w=2"
},
{
"name": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf",
"refsource": "MISC",
"url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"
},
{
"name": "ciamos-file-information-disclosure(19754)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"
},
{
"name": "14641",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14641"
}
]
}
}

150
2005/0xxx/CVE-2005-0872.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0872",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0872",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111168190630576&w=2"
},
{
"name" : "1013554",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013554"
},
{
"name" : "14659",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14659"
},
{
"name" : "topic-calendar-start-xss(19821)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19821"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "topic-calendar-start-xss(19821)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19821"
},
{
"name": "20050324 Multiple vulnerabilities in Topic Calendar 1.0.1 for phpBB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111168190630576&w=2"
},
{
"name": "14659",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14659"
},
{
"name": "1013554",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013554"
}
]
}
}

130
2005/1xxx/CVE-2005-1614.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1614",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050513 Ultimate PHP Board (UPB) Security Advisory",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111600262424876&w=2"
},
{
"name" : "13621",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13621"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the postorder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050513 Ultimate PHP Board (UPB) Security Advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111600262424876&w=2"
},
{
"name": "13621",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13621"
}
]
}
}

140
2005/1xxx/CVE-2005-1687.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050520 [BuHa Security] Wordpress SQL-Injection",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111661517716733&w=2"
},
{
"name" : "GLSA-200506-04",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200506-04.xml"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=88926",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=88926"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tb_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200506-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200506-04.xml"
},
{
"name": "20050520 [BuHa Security] Wordpress SQL-Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111661517716733&w=2"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=88926",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=88926"
}
]
}
}

160
2005/3xxx/CVE-2005-3439.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3439",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7) DB20, (8) DB21, (9) DB22, (10) DB23, (11) DB24, and (12) DB25 in the Spatial component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3439",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html"
},
{
"name" : "TA05-292A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-292A.html"
},
{
"name" : "VU#210524",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/210524"
},
{
"name" : "15134",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15134"
},
{
"name" : "17250",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7) DB20, (8) DB21, (9) DB22, (10) DB23, (11) DB24, and (12) DB25 in the Spatial component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2005-090497.html"
},
{
"name": "TA05-292A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-292A.html"
},
{
"name": "15134",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15134"
},
{
"name": "VU#210524",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/210524"
},
{
"name": "17250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17250"
}
]
}
}

190
2005/3xxx/CVE-2005-3770.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3770",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3770",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051122 [KAPDA::#14] - PHPPost XSS and HTML Injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/417434/30/0/threaded"
},
{
"name" : "http://irannetjob.com/content/view/168/28/",
"refsource" : "MISC",
"url" : "http://irannetjob.com/content/view/168/28/"
},
{
"name" : "15524",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15524"
},
{
"name" : "15532",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15532"
},
{
"name" : "ADV-2005-2533",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2533"
},
{
"name" : "21057",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21057"
},
{
"name" : "21059",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21059"
},
{
"name" : "17706",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17706"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the subject in a post, or the user parameter to (2) profile.php and (3) mail.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17706",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17706"
},
{
"name": "21057",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21057"
},
{
"name": "15524",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15524"
},
{
"name": "http://irannetjob.com/content/view/168/28/",
"refsource": "MISC",
"url": "http://irannetjob.com/content/view/168/28/"
},
{
"name": "21059",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21059"
},
{
"name": "20051122 [KAPDA::#14] - PHPPost XSS and HTML Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417434/30/0/threaded"
},
{
"name": "15532",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15532"
},
{
"name": "ADV-2005-2533",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2533"
}
]
}
}

170
2005/3xxx/CVE-2005-3941.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3941",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3941",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/orca-blog-sql-inj-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/orca-blog-sql-inj-vuln.html"
},
{
"name" : "http://www.greywyvern.com/orca#blog",
"refsource" : "CONFIRM",
"url" : "http://www.greywyvern.com/orca#blog"
},
{
"name" : "15638",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15638"
},
{
"name" : "ADV-2005-2656",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2656"
},
{
"name" : "21199",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21199"
},
{
"name" : "17804",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17804"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.greywyvern.com/orca#blog",
"refsource": "CONFIRM",
"url": "http://www.greywyvern.com/orca#blog"
},
{
"name": "http://pridels0.blogspot.com/2005/11/orca-blog-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/orca-blog-sql-inj-vuln.html"
},
{
"name": "15638",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15638"
},
{
"name": "ADV-2005-2656",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2656"
},
{
"name": "17804",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17804"
},
{
"name": "21199",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21199"
}
]
}
}

170
2005/4xxx/CVE-2005-4381.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/caravel-cms-xss.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/caravel-cms-xss.html"
},
{
"name" : "15939",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15939"
},
{
"name" : "ADV-2005-2976",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2976"
},
{
"name" : "21833",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21833"
},
{
"name" : "21834",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21834"
},
{
"name" : "18151",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18151"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 Beta 1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fileDN and (2) folderviewer_attrs parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18151",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18151"
},
{
"name": "http://pridels0.blogspot.com/2005/12/caravel-cms-xss.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/caravel-cms-xss.html"
},
{
"name": "21833",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21833"
},
{
"name": "15939",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15939"
},
{
"name": "21834",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21834"
},
{
"name": "ADV-2005-2976",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2976"
}
]
}
}

160
2005/4xxx/CVE-2005-4578.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4578",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4578",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-025_e/01-e.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi-support.com/security_e/vuls_e/HS05-025_e/01-e.html"
},
{
"name" : "16067",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16067"
},
{
"name" : "22063",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22063"
},
{
"name" : "1015420",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015420"
},
{
"name" : "18213",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16067",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16067"
},
{
"name": "18213",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18213"
},
{
"name": "22063",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22063"
},
{
"name": "1015420",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015420"
},
{
"name": "http://www.hitachi-support.com/security_e/vuls_e/HS05-025_e/01-e.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi-support.com/security_e/vuls_e/HS05-025_e/01-e.html"
}
]
}
}

190
2009/0xxx/CVE-2009-0005.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT3403",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3403"
},
{
"name" : "APPLE-SA-2009-01-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html"
},
{
"name" : "TA09-022A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-022A.html"
},
{
"name" : "33386",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33386"
},
{
"name" : "oval:org.mitre.oval:def:6187",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6187"
},
{
"name" : "ADV-2009-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0212"
},
{
"name" : "33632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33632"
},
{
"name" : "quicktime-h263-movie-code-execution(48158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33386"
},
{
"name": "quicktime-h263-movie-code-execution(48158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48158"
},
{
"name": "TA09-022A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-022A.html"
},
{
"name": "APPLE-SA-2009-01-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html"
},
{
"name": "ADV-2009-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0212"
},
{
"name": "http://support.apple.com/kb/HT3403",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3403"
},
{
"name": "oval:org.mitre.oval:def:6187",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6187"
},
{
"name": "33632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33632"
}
]
}
}

34
2009/0xxx/CVE-2009-0092.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0092",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-0092",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2009. Notes: none."
}
]
}
}

160
2009/0xxx/CVE-2009-0124.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0124",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0124",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2009/01/12/4"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=479650",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=479650"
},
{
"name" : "FEDORA-2009-0543",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00557.html"
},
{
"name" : "33543",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33543"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tqsl_verifyDataBlock function in openssl_cert.cpp in American Radio Relay League (ARRL) tqsllib 2.0 does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090112 CVE Request -- tsqllib, slurm-llnl, libnasl, libcrypt-openssl-dsa-perl, erlang, boinc-client, m2crypto",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2009/01/12/4"
},
{
"name": "33543",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33543"
},
{
"name": "FEDORA-2009-0543",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg00557.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511509"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=479650",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=479650"
}
]
}
}

130
2009/0xxx/CVE-2009-0369.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0369",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a \"Clickjacking\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7912",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7912"
},
{
"name" : "ie-onclickaction-click-hijacking(48542)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48542"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 7 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a \"Clickjacking\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7912",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7912"
},
{
"name": "ie-onclickaction-click-hijacking(48542)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48542"
}
]
}
}

160
2009/0xxx/CVE-2009-0966.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0966",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0966",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8230",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8230"
},
{
"name" : "34157",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34157"
},
{
"name" : "52789",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52789"
},
{
"name" : "34325",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34325"
},
{
"name" : "megafile-cross-file-include(49302)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49302"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in cross.php in YABSoft Mega File Hosting 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the url parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34325",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34325"
},
{
"name": "megafile-cross-file-include(49302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49302"
},
{
"name": "8230",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8230"
},
{
"name": "52789",
"refsource": "OSVDB",
"url": "http://osvdb.org/52789"
},
{
"name": "34157",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34157"
}
]
}
}

530
2009/1xxx/CVE-2009-1180.json
View File

@ -1,267 +1,267 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=495892",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=495892"
},
{
"name" : "http://poppler.freedesktop.org/releases.html",
"refsource" : "CONFIRM",
"url" : "http://poppler.freedesktop.org/releases.html"
},
{
"name" : "DSA-1790",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1790"
},
{
"name" : "DSA-1793",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1793"
},
{
"name" : "FEDORA-2009-6973",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name" : "FEDORA-2009-6982",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name" : "FEDORA-2009-6972",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name" : "MDVSA-2009:101",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name" : "MDVSA-2010:087",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name" : "MDVSA-2011:175",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name" : "RHSA-2009:0430",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name" : "RHSA-2009:0429",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name" : "RHSA-2009:0431",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name" : "RHSA-2009:0458",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name" : "RHSA-2009:0480",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name" : "SSA:2009-129-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477"
},
{
"name" : "SUSE-SA:2009:024",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name" : "SUSE-SR:2009:010",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "VU#196617",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/196617"
},
{
"name" : "34568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34568"
},
{
"name" : "oval:org.mitre.oval:def:9926",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926"
},
{
"name" : "1022073",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022073"
},
{
"name" : "34755",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34755"
},
{
"name" : "34291",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34291"
},
{
"name" : "34481",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34481"
},
{
"name" : "34746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34746"
},
{
"name" : "34852",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34852"
},
{
"name" : "34756",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34756"
},
{
"name" : "34959",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34959"
},
{
"name" : "34963",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34963"
},
{
"name" : "35037",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35037"
},
{
"name" : "35065",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35065"
},
{
"name" : "34991",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34991"
},
{
"name" : "35064",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35064"
},
{
"name" : "35618",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35618"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "ADV-2009-1065",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name" : "ADV-2009-1066",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name" : "ADV-2009-1076",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name" : "ADV-2009-1077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name" : "ADV-2010-1040",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1040"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1793",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1793"
},
{
"name": "34963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34963"
},
{
"name": "DSA-1790",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1790"
},
{
"name": "35037",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35037"
},
{
"name": "ADV-2009-1077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1077"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=495892",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=495892"
},
{
"name": "35064",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35064"
},
{
"name": "ADV-2009-1066",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1066"
},
{
"name": "34481",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34481"
},
{
"name": "oval:org.mitre.oval:def:9926",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9926"
},
{
"name": "SSA:2009-129-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.578477"
},
{
"name": "RHSA-2009:0431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0431.html"
},
{
"name": "ADV-2009-1065",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1065"
},
{
"name": "RHSA-2009:0430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0430.html"
},
{
"name": "FEDORA-2009-6972",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00567.html"
},
{
"name": "35618",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35618"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "RHSA-2009:0480",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0480.html"
},
{
"name": "http://poppler.freedesktop.org/releases.html",
"refsource": "CONFIRM",
"url": "http://poppler.freedesktop.org/releases.html"
},
{
"name": "34568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34568"
},
{
"name": "MDVSA-2011:175",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "VU#196617",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/196617"
},
{
"name": "ADV-2010-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "SUSE-SA:2009:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00011.html"
},
{
"name": "RHSA-2009:0458",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0458.html"
},
{
"name": "FEDORA-2009-6982",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01291.html"
},
{
"name": "34991",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34991"
},
{
"name": "MDVSA-2009:101",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:101"
},
{
"name": "MDVSA-2010:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "ADV-2009-1076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1076"
},
{
"name": "34756",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34756"
},
{
"name": "34291",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34291"
},
{
"name": "34755",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34755"
},
{
"name": "34852",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34852"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "FEDORA-2009-6973",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01277.html"
},
{
"name": "34959",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34959"
},
{
"name": "34746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34746"
},
{
"name": "RHSA-2009:0429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0429.html"
},
{
"name": "1022073",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022073"
}
]
}
}

390
2009/1xxx/CVE-2009-1574.json
View File

@ -1,197 +1,197 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1574",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090429 ipsec-tools 0.7.2",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/04/29/6"
},
{
"name" : "[oss-security] 20090504 Re: ipsec-tools 0.7.2",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/05/04/3"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=497990",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=497990"
},
{
"name" : "http://support.apple.com/kb/HT3937",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3937"
},
{
"name" : "http://support.apple.com/kb/HT4298",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4298"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "APPLE-SA-2009-11-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name" : "APPLE-SA-2010-12-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
},
{
"name" : "DSA-1804",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1804"
},
{
"name" : "FEDORA-2009-4291",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00725.html"
},
{
"name" : "FEDORA-2009-4298",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00746.html"
},
{
"name" : "FEDORA-2009-4394",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00789.html"
},
{
"name" : "GLSA-200905-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200905-03.xml"
},
{
"name" : "MDVSA-2009:112",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:112"
},
{
"name" : "RHSA-2009:1036",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1036.html"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "USN-785-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-785-1"
},
{
"name" : "34765",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34765"
},
{
"name" : "oval:org.mitre.oval:def:9624",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9624"
},
{
"name" : "35113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35113"
},
{
"name" : "35153",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35153"
},
{
"name" : "35159",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35159"
},
{
"name" : "35212",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35212"
},
{
"name" : "35404",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35404"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "ADV-2009-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name" : "ipsectools-isakmpfrag-dos(50412)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50412"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote attackers to cause a denial of service (crash) via crafted fragmented packets without a payload, which triggers a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ipsectools-isakmpfrag-dos(50412)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50412"
},
{
"name": "USN-785-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-785-1"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=74601&release_id=677611"
},
{
"name": "35159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35159"
},
{
"name": "FEDORA-2009-4394",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00789.html"
},
{
"name": "[oss-security] 20090429 ipsec-tools 0.7.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/04/29/6"
},
{
"name": "34765",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34765"
},
{
"name": "RHSA-2009:1036",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1036.html"
},
{
"name": "35113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35113"
},
{
"name": "oval:org.mitre.oval:def:9624",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9624"
},
{
"name": "35404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35404"
},
{
"name": "[oss-security] 20090504 Re: ipsec-tools 0.7.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/04/3"
},
{
"name": "35212",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35212"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=497990",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=497990"
},
{
"name": "APPLE-SA-2010-12-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Dec/msg00001.html"
},
{
"name": "GLSA-200905-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200905-03.xml"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "FEDORA-2009-4298",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00746.html"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "http://support.apple.com/kb/HT4298",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4298"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "35153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35153"
},
{
"name": "FEDORA-2009-4291",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-May/msg00725.html"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "DSA-1804",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1804"
},
{
"name": "MDVSA-2009:112",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:112"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
}
]
}
}

140
2009/4xxx/CVE-2009-4827.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4827",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10433",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10433"
},
{
"name" : "37750",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37750"
},
{
"name" : "ADV-2009-3533",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3533"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in admin.php in Mail Manager Pro allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a change action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37750",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37750"
},
{
"name": "ADV-2009-3533",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3533"
},
{
"name": "10433",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10433"
}
]
}
}

200
2012/2xxx/CVE-2012-2105.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120302 Timesheet Next Gen 1.5.2 Multiple SQLi",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html"
},
{
"name" : "18554",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18554"
},
{
"name" : "[oss-security] 20120416 CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/16/4"
},
{
"name" : "[oss-security] 20120416 Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/16/7"
},
{
"name" : "http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122",
"refsource" : "MISC",
"url" : "http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122"
},
{
"name" : "52270",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52270"
},
{
"name" : "79804",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/79804"
},
{
"name" : "48239",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48239"
},
{
"name" : "timesheetnextgen-login-sql-injection(73680)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/73680"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in login.php in Timesheet Next Gen 1.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120416 Re: CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/16/7"
},
{
"name": "48239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48239"
},
{
"name": "52270",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52270"
},
{
"name": "http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122",
"refsource": "MISC",
"url": "http://sourceforge.net/apps/mantisbt/tsheetx/view.php?id=122"
},
{
"name": "18554",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18554"
},
{
"name": "[oss-security] 20120416 CVE-request: Timesheet Next Gen 1.5.2 Multiple SQLi",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/16/4"
},
{
"name": "timesheetnextgen-login-sql-injection(73680)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73680"
},
{
"name": "20120302 Timesheet Next Gen 1.5.2 Multiple SQLi",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0011.html"
},
{
"name": "79804",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/79804"
}
]
}
}

190
2012/2xxx/CVE-2012-2721.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2721",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \"access content\" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2721",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name" : "http://drupal.org/node/1619810",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1619810"
},
{
"name" : "http://drupal.org/node/1619736",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1619736"
},
{
"name" : "http://drupalcode.org/project/og.git/commitdiff/1485708",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"name" : "53838",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53838"
},
{
"name" : "82728",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/82728"
},
{
"name" : "49397",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49397"
},
{
"name" : "organicgroups-permission-security-bypass(76150)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default views in the Organic Groups (OG) module 6.x-2.x before 6.x-2.4 for Drupal do not properly check permissions when all users have the \"access content\" permission removed, which allows remote attackers to bypass access restrictions and possibly have other unspecified impact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53838",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53838"
},
{
"name": "http://drupal.org/node/1619736",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1619736"
},
{
"name": "82728",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/82728"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "http://drupalcode.org/project/og.git/commitdiff/1485708",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/og.git/commitdiff/1485708"
},
{
"name": "organicgroups-permission-security-bypass(76150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76150"
},
{
"name": "http://drupal.org/node/1619810",
"refsource": "MISC",
"url": "http://drupal.org/node/1619810"
},
{
"name": "49397",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49397"
}
]
}
}

34
2012/2xxx/CVE-2012-2838.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2838",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2838",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/2xxx/CVE-2012-2861.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2861",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2861",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

190
2012/6xxx/CVE-2012-6430.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6430",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6430",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20130109 Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2013-01/0035.html"
},
{
"name" : "http://packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-Site-Scripting.html"
},
{
"name" : "https://www.htbridge.com/advisory/HTB23135",
"refsource" : "MISC",
"url" : "https://www.htbridge.com/advisory/HTB23135"
},
{
"name" : "89119",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89119"
},
{
"name" : "89120",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/89120"
},
{
"name" : "51769",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51769"
},
{
"name" : "51813",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51813"
},
{
"name" : "quickcms-quickcart-admin-xss(81169)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/81169"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "89120",
"refsource": "OSVDB",
"url": "http://osvdb.org/89120"
},
{
"name": "89119",
"refsource": "OSVDB",
"url": "http://osvdb.org/89119"
},
{
"name": "51813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51813"
},
{
"name": "51769",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51769"
},
{
"name": "http://packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/119422/Quick.Cms-5.0-Quick.Cart-6.0-Cross-Site-Scripting.html"
},
{
"name": "https://www.htbridge.com/advisory/HTB23135",
"refsource": "MISC",
"url": "https://www.htbridge.com/advisory/HTB23135"
},
{
"name": "20130109 Cross-Site Scripting (XSS) vulnerability in Quick.Cms and Quick.Cart",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-01/0035.html"
},
{
"name": "quickcms-quickcart-admin-xss(81169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81169"
}
]
}
}

130
2012/6xxx/CVE-2012-6466.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6466",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6466",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.opera.com/docs/changelogs/unified/1210/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unified/1210/"
},
{
"name" : "http://www.opera.com/support/kb/view/1035/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/1035/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 12.10 does not properly handle incorrect size data in a WebP image, which allows remote attackers to obtain potentially sensitive information from process memory by using a crafted image as the fill pattern for a canvas."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/support/kb/view/1035/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/1035/"
},
{
"name": "http://www.opera.com/docs/changelogs/unified/1210/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unified/1210/"
}
]
}
}

160
2012/6xxx/CVE-2012-6617.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6617",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6617",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d"
},
{
"name" : "http://www.ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://www.ffmpeg.org/security.html"
},
{
"name" : "https://trac.ffmpeg.org/ticket/1986",
"refsource" : "CONFIRM",
"url" : "https://trac.ffmpeg.org/ticket/1986"
},
{
"name" : "93232",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/93232"
},
{
"name" : "51964",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51964"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The prepare_sdp_description function in ffserver.c in FFmpeg before 1.0.2 allows remote attackers to cause a denial of service (crash) via vectors related to the rtp format."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "93232",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/93232"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d"
},
{
"name": "https://trac.ffmpeg.org/ticket/1986",
"refsource": "CONFIRM",
"url": "https://trac.ffmpeg.org/ticket/1986"
},
{
"name": "http://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://www.ffmpeg.org/security.html"
},
{
"name": "51964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51964"
}
]
}
}

130
2015/1xxx/CVE-2015-1786.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1786",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1786",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207781",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1207781"
},
{
"name" : "https://framework.zend.com/changelog/2.3.6",
"refsource" : "CONFIRM",
"url" : "https://framework.zend.com/changelog/2.3.6"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf in Zend Framework 2.3.x before 2.3.6 via null or malformed token identifiers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://framework.zend.com/changelog/2.3.6",
"refsource": "CONFIRM",
"url": "https://framework.zend.com/changelog/2.3.6"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207781",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207781"
}
]
}
}

160
2015/1xxx/CVE-2015-1832.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1832",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1832",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990100",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21990100"
},
{
"name" : "https://issues.apache.org/jira/browse/DERBY-6807",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/DERBY-6807"
},
{
"name" : "https://svn.apache.org/viewvc?view=revision&revision=1691461",
"refsource" : "CONFIRM",
"url" : "https://svn.apache.org/viewvc?view=revision&revision=1691461"
},
{
"name" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource" : "CONFIRM",
"url" : "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name" : "93132",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93132"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the SqlXmlUtil code in Apache Derby before 10.12.1.1, when a Java Security Manager is not in place, allows context-dependent attackers to read arbitrary files or cause a denial of service (resource consumption) via vectors involving XmlVTI and the XML datatype."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "https://issues.apache.org/jira/browse/DERBY-6807",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/DERBY-6807"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21990100",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21990100"
},
{
"name": "93132",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93132"
},
{
"name": "https://svn.apache.org/viewvc?view=revision&revision=1691461",
"refsource": "CONFIRM",
"url": "https://svn.apache.org/viewvc?view=revision&revision=1691461"
}
]
}
}

34
2015/1xxx/CVE-2015-1861.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1861",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1861",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2015/5xxx/CVE-2015-5186.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150813 Audit: log terminal emulator escape sequences handling CVE-2015-5186",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/13/9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251621",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1251621"
},
{
"name" : "https://people.redhat.com/sgrubb/audit/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://people.redhat.com/sgrubb/audit/ChangeLog"
},
{
"name" : "76840",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76840"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Audit before 2.4.4 in Linux does not sanitize escape characters in filenames."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76840",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76840"
},
{
"name": "[oss-security] 20150813 Audit: log terminal emulator escape sequences handling CVE-2015-5186",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/13/9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1251621"
},
{
"name": "https://people.redhat.com/sgrubb/audit/ChangeLog",
"refsource": "CONFIRM",
"url": "https://people.redhat.com/sgrubb/audit/ChangeLog"
}
]
}
}

230
2015/5xxx/CVE-2015-5203.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5203",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150816 Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/16/2"
},
{
"name" : "[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1254242",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1254242"
},
{
"name" : "FEDORA-2016-7776983633",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/"
},
{
"name" : "FEDORA-2016-9b17661de5",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/"
},
{
"name" : "FEDORA-2016-bbecf64af4",
"refsource" : "FEDORA",
"url" : "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/"
},
{
"name" : "GLSA-201707-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201707-07"
},
{
"name" : "RHSA-2017:1208",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name" : "openSUSE-SU-2016:2722",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html"
},
{
"name" : "openSUSE-SU-2016:2737",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html"
},
{
"name" : "openSUSE-SU-2016:2833",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html"
},
{
"name" : "USN-3693-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3693-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the jasper_image_stop_load function in JasPer 1.900.17 allows remote attackers to cause a denial of service (crash) via a crafted JPEG 2000 image file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20181121 [SECURITY] [DLA 1583-1] jasper security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00023.html"
},
{
"name": "FEDORA-2016-bbecf64af4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AXWV22WGSQFDRPE7G6ECGP3QXS2V2A2M/"
},
{
"name": "GLSA-201707-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201707-07"
},
{
"name": "RHSA-2017:1208",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1208"
},
{
"name": "openSUSE-SU-2016:2737",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00018.html"
},
{
"name": "[oss-security] 20150816 Double free corruption in JasPer JPEG-2000 implementation (CVE-2015-5203)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/16/2"
},
{
"name": "FEDORA-2016-7776983633",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UNLVBZWDEXZCFWOBZ3YVEQINMRBRX5QV/"
},
{
"name": "openSUSE-SU-2016:2722",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00010.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1254242",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1254242"
},
{
"name": "FEDORA-2016-9b17661de5",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QIZNTZDXOJR5BTRZKCS3GVHVZV2PWHH/"
},
{
"name": "USN-3693-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3693-1/"
},
{
"name": "openSUSE-SU-2016:2833",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-11/msg00064.html"
}
]
}
}

150
2015/5xxx/CVE-2015-5423.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5423",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5423",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-399",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-399"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027"
},
{
"name" : "76457",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76457"
},
{
"name" : "1033362",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033362"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x before 10.24.0.1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-2884."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04771027"
},
{
"name": "76457",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76457"
},
{
"name": "1033362",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033362"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-399",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-399"
}
]
}
}

170
2015/5xxx/CVE-2015-5505.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5505",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the \"include subdomains\" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name" : "https://www.drupal.org/node/2507563",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2507563"
},
{
"name" : "https://www.drupal.org/node/2507539",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2507539"
},
{
"name" : "https://www.drupal.org/node/2507543",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2507543"
},
{
"name" : "75276",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75276"
},
{
"name" : "1037633",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1037633"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTTP Strict Transport Security (HSTS) module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the \"include subdomains\" directive, which causes the HSTS policy to not be applied to subdomains and allows man-in-the-middle attackers to have unspecified impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2507563",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2507563"
},
{
"name": "https://www.drupal.org/node/2507539",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2507539"
},
{
"name": "75276",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75276"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name": "https://www.drupal.org/node/2507543",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2507543"
},
{
"name": "1037633",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037633"
}
]
}
}

224
2018/11xxx/CVE-2018-11076.json
View File

@ -1,114 +1,114 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-11-20T05:00:00.000Z",
"ID" : "CVE-2018-11076",
"STATE" : "PUBLIC",
"TITLE" : "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Avamar",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_value" : "7.2.0"
},
{
"affected" : "=",
"version_value" : "7.2.1"
},
{
"affected" : "=",
"version_value" : "7.3.0"
},
{
"affected" : "=",
"version_value" : "7.3.1"
},
{
"affected" : "=",
"version_value" : "7.4.0"
},
{
"affected" : "=",
"version_value" : "7.4.1"
}
]
}
},
{
"product_name" : "Integrated Data Protection Appliance ",
"version" : {
"version_data" : [
{
"affected" : "=",
"version_value" : "2.0"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-11-20T05:00:00.000Z",
"ID": "CVE-2018-11076",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Avamar",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "7.2.0"
},
{
"affected": "=",
"version_value": "7.2.1"
},
{
"affected": "=",
"version_value": "7.3.0"
},
{
"affected": "=",
"version_value": "7.3.1"
},
{
"affected": "=",
"version_value": "7.4.0"
},
{
"affected": "=",
"version_value": "7.4.1"
}
]
}
},
{
"product_name": "Integrated Data Protection Appliance ",
"version": {
"version_data": [
{
"affected": "=",
"version_value": "2.0"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"name" : "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource" : "CONFIRM",
"url" : "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name" : "105972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105972"
},
{
"name" : "1042153",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042153"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar Java management console's SSL/TLS private key may be leaked in the Avamar Java management client package. The private key could potentially be used by an unauthenticated attacker on the same data-link layer to initiate a MITM attack on management console users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181120 DSA-2018-154: Dell EMC Avamar and Integrated Data Protection Appliance Information Exposure Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Nov/50"
},
{
"name": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html",
"refsource": "CONFIRM",
"url": "https://www.vmware.com/security/advisories/VMSA-2018-0029.html"
},
{
"name": "105972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105972"
},
{
"name": "1042153",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042153"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

140
2018/11xxx/CVE-2018-11315.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/brannondorsey/radio-thermostat",
"refsource" : "MISC",
"url" : "https://github.com/brannondorsey/radio-thermostat"
},
{
"name" : "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325",
"refsource" : "MISC",
"url" : "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325"
},
{
"name" : "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability",
"refsource" : "MISC",
"url" : "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability",
"refsource": "MISC",
"url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability"
},
{
"name": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325",
"refsource": "MISC",
"url": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325"
},
{
"name": "https://github.com/brannondorsey/radio-thermostat",
"refsource": "MISC",
"url": "https://github.com/brannondorsey/radio-thermostat"
}
]
}
}

140
2018/11xxx/CVE-2018-11344.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11344",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11344",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/2"
},
{
"name" : "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation",
"refsource" : "MISC",
"url" : "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation"
},
{
"name" : "https://github.com/mefulton/asustorexploit",
"refsource" : "MISC",
"url" : "https://github.com/mefulton/asustorexploit"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation",
"refsource": "MISC",
"url": "https://www.purehacking.com/blog/matthew-fulton/back-to-the-future-asustor-web-exploitation"
},
{
"name": "https://github.com/mefulton/asustorexploit",
"refsource": "MISC",
"url": "https://github.com/mefulton/asustorexploit"
},
{
"name": "20180429 ASUSTOR ADM 3.1.0.RFQ3 and below vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/2"
}
]
}
}

130
2018/11xxx/CVE-2018-11820.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11820",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
"version" : {
"version_data" : [
{
"version_value" : "IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cryptographic Issues in Ecosystem"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11820",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.qualcomm.com/company/product-security/bulletins",
"refsource" : "CONFIRM",
"url" : "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name" : "106845",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106845"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use of non-time constant memcmp function creates side channel that leaks information and leads to cryptographic issues in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in versions IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8996AU, QCA8081, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 800, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptographic Issues in Ecosystem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
},
{
"name": "106845",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106845"
}
]
}
}

34
2018/11xxx/CVE-2018-11839.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11839",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11839",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15034.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15034",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15034",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/15xxx/CVE-2018-15193.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15193",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/gogs/gogs/issues/5367",
"refsource" : "MISC",
"url" : "https://github.com/gogs/gogs/issues/5367"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/gogs/gogs/issues/5367",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/issues/5367"
}
]
}
}

172
2018/3xxx/CVE-2018-3071.json
View File

@ -1,88 +1,88 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.7.22 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.7.22 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name" : "RHSA-2018:3655",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name" : "USN-3725-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3725-1/"
},
{
"name" : "104784",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104784"
},
{
"name" : "1041294",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041294"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Audit Log). Supported versions that are affected are 5.7.22 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "USN-3725-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3725-1/"
},
{
"name": "1041294",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041294"
},
{
"name": "RHSA-2018:3655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name": "104784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104784"
}
]
}
}

208
2018/3xxx/CVE-2018-3251.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3251",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.6.41 and prior"
},
{
"version_affected" : "=",
"version_value" : "5.7.23 and prior"
},
{
"version_affected" : "=",
"version_value" : "8.0.12 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3251",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.41 and prior"
},
{
"version_affected": "=",
"version_value": "5.7.23 and prior"
},
{
"version_affected": "=",
"version_value": "8.0.12 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20181018-0002/"
},
{
"name" : "DSA-4341",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4341"
},
{
"name" : "RHSA-2018:3655",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name" : "USN-3799-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3799-1/"
},
{
"name" : "105600",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105600"
},
{
"name" : "1041888",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.6.41 and prior, 5.7.23 and prior and 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4341",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4341"
},
{
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "RHSA-2018:3655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name": "105600",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105600"
},
{
"name": "[debian-lts-announce] 20181107 [SECURITY] [DLA 1570-1] mariadb-10.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00007.html"
},
{
"name": "USN-3799-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3799-1/"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
}
]
}
}

122
2018/3xxx/CVE-2018-3650.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-07-10T00:00:00",
"ID" : "CVE-2018-3650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Distribution for Python",
"version" : {
"version_data" : [
{
"version_value" : "Before 2018 Update 2"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-07-10T00:00:00",
"ID": "CVE-2018-3650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Distribution for Python",
"version": {
"version_data": [
{
"version_value": "Before 2018 Update 2"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00129.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00129.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Insufficient Input Validation in Bleach module in INTEL Distribution for Python versions prior to IDP 2018 Update 2 allows unprivileged user to bypass URI sanitization via local vector."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00129.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00129.html"
}
]
}
}

132
2018/3xxx/CVE-2018-3845.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2018-3845",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Perceptive Document Filters",
"version" : {
"version_data" : [
{
"version_value" : "11.4.0.2647 - x86/x64 Windows/Linux"
}
]
}
}
]
},
"vendor_name" : "Hyland Software, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2018-3845",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Perceptive Document Filters",
"version": {
"version_data": [
{
"version_value": "11.4.0.2647 - x86/x64 Windows/Linux"
}
]
}
}
]
},
"vendor_name": "Hyland Software, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0528",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0528"
},
{
"name" : "104023",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104023"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 Windows/Linux, a crafted OpenDocument document can lead to a SkCanvas object double free resulting in direct code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0528",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0528"
},
{
"name": "104023",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104023"
}
]
}
}

122
2018/3xxx/CVE-2018-3863.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-26T00:00:00",
"ID" : "CVE-2018-3863",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SmartThings Hub STH-ETH-250",
"version" : {
"version_data" : [
{
"version_value" : "Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name" : "Samsung"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long \"user\" value in order to exploit this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer copy without checking size"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-26T00:00:00",
"ID": "CVE-2018-3863",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SmartThings Hub STH-ETH-250",
"version": {
"version_data": [
{
"version_value": "Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name": "Samsung"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0548",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0548"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long \"user\" value in order to exploit this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer copy without checking size"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0548",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0548"
}
]
}
}

122
2018/3xxx/CVE-2018-3889.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-04-11T00:00:00",
"ID" : "CVE-2018-3889",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Computerinsel Photoline",
"version" : {
"version_data" : [
{
"version_value" : "Computerinsel Photoline 20.53 for OS X"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds write"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-04-11T00:00:00",
"ID": "CVE-2018-3889",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Computerinsel Photoline",
"version": {
"version_data": [
{
"version_value": "Computerinsel Photoline 20.53 for OS X"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0564",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0564"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Out of bounds write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0564",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0564"
}
]
}
}

122
2018/3xxx/CVE-2018-3937.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-20T00:00:00",
"ID" : "CVE-2018-3937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sony",
"version" : {
"version_data" : [
{
"version_value" : "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
}
]
},
"vendor_name" : "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "command injection"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-20T00:00:00",
"ID": "CVE-2018-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sony",
"version": {
"version_data": [
{
"version_value": "Sony IPELA E series G5 firmware 1.87.00"
}
]
}
}
]
},
"vendor_name": "Talos"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable command injection vulnerability exists in the measurementBitrateExec functionality of Sony IPELA E Series Network Camera G5 firmware 1.87.00. A specially crafted GET request can cause arbitrary commands to be executed. An attacker can send an HTTP request to trigger this vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0604"
}
]
}
}

132
2018/8xxx/CVE-2018-8869.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-05-03T00:00:00",
"ID" : "CVE-2018-8869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "IDS 2102",
"version" : {
"version_data" : [
{
"version_value" : "2.0 and prior"
}
]
}
}
]
},
"vendor_name" : "Lantech"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "IMPROPER INPUT VALIDATION CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-03T00:00:00",
"ID": "CVE-2018-8869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "IDS 2102",
"version": {
"version_data": [
{
"version_value": "2.0 and prior"
}
]
}
}
]
},
"vendor_name": "Lantech"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01"
},
{
"name" : "104098",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for arbitrary input on the device. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "IMPROPER INPUT VALIDATION CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-123-01"
},
{
"name": "104098",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104098"
}
]
}
}