admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 03:42:47 +00:00
parent 3a8f6f7944
commit 644fbde1af
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
48 changed files with 3685 additions and 3685 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0434.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-0434", "ID": "CVE-1999-0434",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "359", "description_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/359" "lang": "eng",
} "value": "XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/359"
}
]
}
}

130
1999/0xxx/CVE-1999-0717.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-0717", "ID": "CVE-1999-0717",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote attacker can disable the virus warning mechanism in Microsoft Excel 97."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS99-014", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-014" "lang": "eng",
}, "value": "A remote attacker can disable the virus warning mechanism in Microsoft Excel 97."
{ }
"name" : "Q231304", ]
"refsource" : "MSKB", },
"url" : "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231304" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS99-014",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-014"
},
{
"name": "Q231304",
"refsource": "MSKB",
"url": "http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231304"
}
]
}
}

120
1999/1xxx/CVE-1999-1186.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-1999-1186", "ID": "CVE-1999-1186",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "19960102 rxvt security hole", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=87602167418966&w=2" "lang": "eng",
} "value": "rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19960102 rxvt security hole",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602167418966&w=2"
}
]
}
}

180
2000/1xxx/CVE-2000-1212.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2000-1212", "ID": "CVE-2000-1212",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MDKSA-2000:086", "description_data": [
"refsource" : "MANDRAKE", {
"url" : "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086" "lang": "eng",
}, "value": "Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects."
{ }
"name" : "CLA-2000:365", ]
"refsource" : "CONECTIVA", },
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-007", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2001/dsa-007" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert", ]
"refsource" : "CONFIRM", }
"url" : "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert" ]
}, },
{ "references": {
"name" : "RHSA-2000:135", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2000-135.html" "name": "MDKSA-2000:086",
}, "refsource": "MANDRAKE",
{ "url": "http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086"
"name" : "zope-image-file(5778)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5778" "name": "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert",
}, "refsource": "CONFIRM",
{ "url": "http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert"
"name" : "6283", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/6283" "name": "DSA-007",
} "refsource": "DEBIAN",
] "url": "http://www.debian.org/security/2001/dsa-007"
} },
} {
"name": "RHSA-2000:135",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-135.html"
},
{
"name": "zope-image-file(5778)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5778"
},
{
"name": "6283",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6283"
},
{
"name": "CLA-2000:365",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365"
}
]
}
}

190
2005/2xxx/CVE-2005-2150.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2150", "ID": "CVE-2005-2150",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050707 NULL sessions vulnerabilities using alternate named pipes", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112076409813099&w=2" "lang": "eng",
}, "value": "Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does not properly prevent NULL sessions from accessing certain alternate named pipes, which allows remote attackers to (1) list Windows services via svcctl or (2) read eventlogs via eventlog."
{ }
"name" : "http://www.hsc.fr/ressources/presentations/null_sessions/", ]
"refsource" : "MISC", },
"url" : "http://www.hsc.fr/ressources/presentations/null_sessions/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14177", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14177" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "14178", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/14178" ]
}, },
{ "references": {
"name" : "1014417", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014417" "name": "http://www.hsc.fr/ressources/presentations/null_sessions/",
}, "refsource": "MISC",
{ "url": "http://www.hsc.fr/ressources/presentations/null_sessions/"
"name" : "14189", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14189" "name": "20050707 NULL sessions vulnerabilities using alternate named pipes",
}, "refsource": "BUGTRAQ",
{ "url": "http://marc.info/?l=bugtraq&m=112076409813099&w=2"
"name" : "win-name-pipe-null-information-disclosure(21286)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21286" "name": "1014417",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1014417"
"name" : "win-pipe-null-eventlog-information-disclosure(21288)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21288" "name": "14177",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/14177"
} },
} {
"name": "win-name-pipe-null-information-disclosure(21286)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21286"
},
{
"name": "14178",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14178"
},
{
"name": "win-pipe-null-eventlog-information-disclosure(21288)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21288"
},
{
"name": "14189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14189"
}
]
}
}

130
2005/2xxx/CVE-2005-2210.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2210", "ID": "CVE-2005-2210",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.ihsteam.com/download/ihsexpl/dlm.c", "description_data": [
"refsource" : "MISC", {
"url" : "http://www.ihsteam.com/download/ihsexpl/dlm.c" "lang": "eng",
}, "value": "Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL."
{ }
"name" : "1014404", ]
"refsource" : "SECTRACK", },
"url" : "http://securitytracker.com/id?1014404" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ihsteam.com/download/ihsexpl/dlm.c",
"refsource": "MISC",
"url": "http://www.ihsteam.com/download/ihsexpl/dlm.c"
},
{
"name": "1014404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014404"
}
]
}
}

130
2005/2xxx/CVE-2005-2278.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2278", "ID": "CVE-2005-2278",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050712 CORE-2005-0629: MailEnable Buffer Overflow Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112127188609993&w=2" "lang": "eng",
}, "value": "Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name."
{ }
"name" : "http://www.coresecurity.com/common/showdoc.php?idx=467&idxseccion=10", ]
"refsource" : "MISC", },
"url" : "http://www.coresecurity.com/common/showdoc.php?idx=467&idxseccion=10" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050712 CORE-2005-0629: MailEnable Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112127188609993&w=2"
},
{
"name": "http://www.coresecurity.com/common/showdoc.php?idx=467&idxseccion=10",
"refsource": "MISC",
"url": "http://www.coresecurity.com/common/showdoc.php?idx=467&idxseccion=10"
}
]
}
}

34
2005/2xxx/CVE-2005-2418.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-2418", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-2418",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2403. Reason: This candidate is a duplicate of CVE-2005-2403. Notes: All CVE users should reference CVE-2005-2403 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2403. Reason: This candidate is a duplicate of CVE-2005-2403. Notes: All CVE users should reference CVE-2005-2403 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

160
2005/2xxx/CVE-2005-2476.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2476", "ID": "CVE-2005-2476",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050802 [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112301600608192&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter."
{ }
"name" : "14454", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/14454" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1014613", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014613" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "16262", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/16262" ]
}, },
{ "references": {
"name" : "naxtorshoppingcart-password-xss(21676)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21676" "name": "1014613",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1014613"
} },
} {
"name": "naxtorshoppingcart-password-xss(21676)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21676"
},
{
"name": "20050802 [NOBYTES.COM: #8] Naxtor Shopping Cart 1.0 - Information Disclosure & Possible SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112301600608192&w=2"
},
{
"name": "14454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14454"
},
{
"name": "16262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16262"
}
]
}
}

830
2005/3xxx/CVE-2005-3352.json
View File

@ -1,417 +1,417 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-3352", "ID": "CVE-2005-3352",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=37874", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://issues.apache.org/bugzilla/show_bug.cgi?id=37874" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps."
{ }
"name" : "http://docs.info.apple.com/article.html?artnum=307562", ]
"refsource" : "CONFIRM", },
"url" : "http://docs.info.apple.com/article.html?artnum=307562" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "PK16139", ]
"refsource" : "AIXAPAR", }
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only" ]
}, },
{ "references": {
"name" : "PK25355", "reference_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only" "name": "17319",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17319"
"name" : "APPLE-SA-2008-03-18", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html" "name": "ADV-2006-3995",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/3995"
"name" : "APPLE-SA-2008-05-28", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html" "name": "18526",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18526"
"name" : "DSA-1167", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2006/dsa-1167" "name": "20046",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20046"
"name" : "FEDORA-2006-052", },
"refsource" : "FEDORA", {
"url" : "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html" "name": "102662",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1"
"name" : "FLSA-2006:175406", },
"refsource" : "FEDORA", {
"url" : "http://www.securityfocus.com/archive/1/425399/100/0/threaded" "name": "1015344",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015344"
"name" : "GLSA-200602-03", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml" "name": "SSRT071293",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449"
"name" : "HPSBUX02145", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/445206/100/0/threaded" "name": "DSA-1167",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2006/dsa-1167"
"name" : "SSRT061202", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/445206/100/0/threaded" "name": "18339",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18339"
"name" : "HPSBUX02164", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/450321/100/0/threaded" "name": "SSRT061265",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/450321/100/0/threaded"
"name" : "HPSBUX02172", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/450315/100/0/threaded" "name": "ADV-2006-4300",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4300"
"name" : "SSRT061265", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/450321/100/0/threaded" "name": "21744",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21744"
"name" : "SSRT061269", },
"refsource" : "HP", {
"url" : "http://www.securityfocus.com/archive/1/450315/100/0/threaded" "name": "SUSE-SR:2006:004",
}, "refsource": "SUSE",
{ "url": "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html"
"name" : "HPSBMA02328", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449" "name": "18340",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18340"
"name" : "SSRT071293", },
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449" "name": "ADV-2008-1246",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1246/references"
"name" : "HPSBOV02683", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" "name": "HPSBUX02164",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/450321/100/0/threaded"
"name" : "SSRT090208", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2" "name": "SSRT061269",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/450315/100/0/threaded"
"name" : "MDKSA-2006:007", },
"refsource" : "MANDRIVA", {
"url" : "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007" "name": "20670",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/20670"
"name" : "OpenPKG-SA-2005.029", },
"refsource" : "OPENPKG", {
"url" : "http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt" "name": "SSRT090208",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
"name" : "RHSA-2006:0159", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0159.html" "name": "23260",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/23260"
"name" : "RHSA-2006:0158", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0158.html" "name": "RHSA-2006:0159",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2006-0159.html"
"name" : "RHSA-2006:0692", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2006-0692.html" "name": "18008",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18008"
"name" : "20060101-01-U", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" "name": "SUSE-SA:2006:043",
}, "refsource": "SUSE",
{ "url": "http://www.novell.com/linux/security/advisories/2006_43_apache.html"
"name" : "SSA:2006-129-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483" "name": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html"
"name" : "SSA:2006-130-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158" "name": "ADV-2006-2423",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/2423"
"name" : "102662", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1" "name": "ADV-2008-0924",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/0924/references"
"name" : "102663", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1" "name": "MDKSA-2006:007",
}, "refsource": "MANDRIVA",
{ "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007"
"name" : "SUSE-SR:2006:004", },
"refsource" : "SUSE", {
"url" : "http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html" "name": "29849",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29849"
"name" : "SUSE-SA:2006:043", },
"refsource" : "SUSE", {
"url" : "http://www.novell.com/linux/security/advisories/2006_43_apache.html" "name": "18333",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18333"
"name" : "SUSE-SR:2007:011", },
"refsource" : "SUSE", {
"url" : "http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html" "name": "ADV-2006-4015",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4015"
"name" : "TSLSA-2005-0074", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2005/0074/" "name": "USN-241-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntulinux.org/usn/usn-241-1"
"name" : "USN-241-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntulinux.org/usn/usn-241-1" "name": "TA08-150A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html"
"name" : "TA08-150A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA08-150A.html" "name": "20060101-01-U",
}, "refsource": "SGI",
{ "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
"name" : "15834", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15834" "name": "OpenPKG-SA-2005.029",
}, "refsource": "OPENPKG",
{ "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt"
"name" : "oval:org.mitre.oval:def:10480", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480" "name": "22368",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22368"
"name" : "ADV-2005-2870", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2870" "name": "HPSBUX02145",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/445206/100/0/threaded"
"name" : "ADV-2006-2423", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/2423" "name": "102663",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1"
"name" : "ADV-2006-3995", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/3995" "name": "RHSA-2006:0158",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0158.html"
"name" : "ADV-2006-4015", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4015" "name": "29420",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/29420"
"name" : "ADV-2006-4300", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4300" "name": "FLSA-2006:175406",
}, "refsource": "FEDORA",
{ "url": "http://www.securityfocus.com/archive/1/425399/100/0/threaded"
"name" : "ADV-2006-4868", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4868" "name": "FEDORA-2006-052",
}, "refsource": "FEDORA",
{ "url": "http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html"
"name" : "ADV-2008-0924", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/0924/references" "name": "SUSE-SR:2007:011",
}, "refsource": "SUSE",
{ "url": "http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html"
"name" : "ADV-2008-1246", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1246/references" "name": "ADV-2006-4868",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4868"
"name" : "ADV-2008-1697", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2008/1697" "name": "APPLE-SA-2008-03-18",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
"name" : "1015344", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015344" "name": "HPSBMA02328",
}, "refsource": "HP",
{ "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449"
"name" : "18008", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18008" "name": "30430",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/30430"
"name" : "18333", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18333" "name": "APPLE-SA-2008-05-28",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2008//May/msg00001.html"
"name" : "18339", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18339" "name": "HPSBOV02683",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
"name" : "18340", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18340" "name": "http://issues.apache.org/bugzilla/show_bug.cgi?id=37874",
}, "refsource": "CONFIRM",
{ "url": "http://issues.apache.org/bugzilla/show_bug.cgi?id=37874"
"name" : "18429", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18429" "name": "18517",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18517"
"name" : "18585", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18585" "name": "22669",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/22669"
"name" : "18517", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18517" "name": "TSLSA-2005-0074",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2005/0074/"
"name" : "18743", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18743" "name": "SSA:2006-129-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483"
"name" : "17319", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17319" "name": "PK16139",
}, "refsource": "AIXAPAR",
{ "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only"
"name" : "18526", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18526" "name": "oval:org.mitre.oval:def:10480",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480"
"name" : "19012", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19012" "name": "RHSA-2006:0692",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2006-0692.html"
"name" : "20670", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20670" "name": "SSRT061202",
}, "refsource": "HP",
{ "url": "http://www.securityfocus.com/archive/1/445206/100/0/threaded"
"name" : "21744", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21744" "name": "18585",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18585"
"name" : "22140", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22140" "name": "http://docs.info.apple.com/article.html?artnum=307562",
}, "refsource": "CONFIRM",
{ "url": "http://docs.info.apple.com/article.html?artnum=307562"
"name" : "22368", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22368" "name": "PK25355",
}, "refsource": "AIXAPAR",
{ "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only"
"name" : "22388", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22388" "name": "GLSA-200602-03",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml"
"name" : "22669", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/22669" "name": "ADV-2008-1697",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2008/1697"
"name" : "23260", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/23260" "name": "19012",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19012"
"name" : "20046", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/20046" "name": "18429",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18429"
"name" : "25239", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/25239" "name": "15834",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15834"
"name" : "29420", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29420" "name": "ADV-2005-2870",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2870"
"name" : "29849", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/29849" "name": "SSA:2006-130-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158"
"name" : "30430", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/30430" "name": "18743",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18743"
} },
} {
"name": "25239",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25239"
},
{
"name": "HPSBUX02172",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/450315/100/0/threaded"
},
{
"name": "22140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22140"
},
{
"name": "22388",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22388"
}
]
}
}

140
2009/2xxx/CVE-2009-2070.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2070", "ID": "CVE-2009-2070",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", "description_data": [
"refsource" : "MISC", {
"url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" "lang": "eng",
}, "value": "Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT response page returned by a proxy server, which allows man-in-the-middle attackers to spoof an arbitrary https site by letting a browser obtain a valid certificate from this site during one request, and then sending the browser a crafted 502 response page upon a subsequent request."
{ }
"name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", ]
"refsource" : "MISC", },
"url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35411", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35411" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
"refsource": "MISC",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name": "35411",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35411"
},
{
"name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
"refsource": "MISC",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
]
}
}

390
2009/2xxx/CVE-2009-2463.json
View File

@ -1,197 +1,197 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-2463", "ID": "CVE-2009-2463",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html" "lang": "eng",
}, "value": "Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=492779", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=492779" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-07.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-07.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "FEDORA-2009-7961", ]
"refsource" : "FEDORA", }
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html" ]
}, },
{ "references": {
"name" : "RHSA-2009:1162", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1162.html" "name": "265068",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1"
"name" : "RHSA-2009:1163", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1163.html" "name": "1020800",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1"
"name" : "RHSA-2010:0153", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html" "name": "RHSA-2010:0153",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
"name" : "RHSA-2010:0154", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html" "name": "39001",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/39001"
"name" : "265068", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1" "name": "oval:org.mitre.oval:def:10369",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10369"
"name" : "1020800", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=492779",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=492779"
"name" : "SUSE-SA:2009:042", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html" "name": "FEDORA-2009-7961",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg01032.html"
"name" : "SUSE-SA:2009:039", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html" "name": "36145",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36145"
"name" : "SUSE-SR:2010:013", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" "name": "35944",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35944"
"name" : "USN-915-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-915-1" "name": "ADV-2010-0648",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0648"
"name" : "35758", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35758" "name": "ADV-2010-0650",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/0650"
"name" : "oval:org.mitre.oval:def:10369", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10369" "name": "35943",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35943"
"name" : "35914", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35914" "name": "SUSE-SR:2010:013",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name" : "35943", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35943" "name": "38977",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/38977"
"name" : "35944", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35944" "name": "SUSE-SA:2009:039",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00005.html"
"name" : "35947", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35947" "name": "RHSA-2009:1162",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2009-1162.html"
"name" : "36145", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36145" "name": "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2009/mfsa2009-34.html"
"name" : "36005", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36005" "name": "RHSA-2010:0154",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
"name" : "39001", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/39001" "name": "35758",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/35758"
"name" : "38977", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/38977" "name": "ADV-2009-2152",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/2152"
"name" : "ADV-2009-1972", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1972" "name": "36005",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/36005"
"name" : "ADV-2009-2152", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/2152" "name": "RHSA-2009:1163",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2009-1163.html"
"name" : "ADV-2010-0648", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0648" "name": "35947",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/35947"
"name" : "ADV-2010-0650", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/0650" "name": "SUSE-SA:2009:042",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2009-08/msg00002.html"
} },
} {
"name": "USN-915-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-915-1"
},
{
"name": "35914",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35914"
},
{
"name": "ADV-2009-1972",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1972"
},
{
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-07.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-07.html"
}
]
}
}

270
2009/2xxx/CVE-2009-2878.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2009-2878", "ID": "CVE-2009-2878",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2879."
{ }
"name" : "http://www.fortiguard.com/advisory/FGA-2009-48.html", ]
"refsource" : "MISC", },
"url" : "http://www.fortiguard.com/advisory/FGA-2009-48.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499", "description": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456", ]
"refsource" : "CONFIRM", }
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456" ]
}, },
{ "references": {
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456" "name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
}, "refsource": "CONFIRM",
{ "url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456", },
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456" "name": "http://www.fortiguard.com/advisory/FGA-2009-48.html",
}, "refsource": "MISC",
{ "url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456", },
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456" "name": "37810",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37810"
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456", },
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456" "name": "61128",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/61128"
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456", },
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456" "name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
}, "refsource": "CONFIRM",
{ "url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
"name" : "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities", },
"refsource" : "CISCO", {
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml" "name": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html",
}, "refsource": "MISC",
{ "url": "http://fgc.fortinet.com/encyclopedia/vulnerability/fg-vd-09-013-cisco.html"
"name" : "37352", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37352" "name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
}, "refsource": "CONFIRM",
{ "url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
"name" : "61128", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/61128" "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499",
}, "refsource": "CONFIRM",
{ "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
"name" : "1023360", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023360" "name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
}, "refsource": "CONFIRM",
{ "url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
"name" : "37810", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37810" "name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
}, "refsource": "CONFIRM",
{ "url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
"name" : "ADV-2009-3574", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3574" "name": "1023360",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1023360"
"name" : "cisco-webex-wrf-bo(54841)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841" "name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
} "refsource": "CONFIRM",
] "url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
} },
} {
"name": "ADV-2009-3574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
]
}
}

180
2009/3xxx/CVE-2009-3313.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3313", "ID": "CVE-2009-3313",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9711", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9711" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php."
{ }
"name" : "58182", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/58182" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "58183", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/58183" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "58184", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/58184" ]
}, },
{ "references": {
"name" : "36778", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36778" "name": "58183",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/58183"
"name" : "fmyclone-edit-sql-injection(53330)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53330" "name": "9711",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/9711"
"name" : "fmyclone-index-sql-injection(53329)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53329" "name": "58182",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/58182"
} },
} {
"name": "58184",
"refsource": "OSVDB",
"url": "http://osvdb.org/58184"
},
{
"name": "36778",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36778"
},
{
"name": "fmyclone-index-sql-injection(53329)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53329"
},
{
"name": "fmyclone-edit-sql-injection(53330)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53330"
}
]
}
}

140
2009/3xxx/CVE-2009-3580.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3580", "ID": "CVE-2009-3580",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091221 SQL-Ledger â?? several vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/508559/100/0/threaded" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger 2.8.24 allows remote attackers to hijack the authentication of arbitrary users for requests that change a password via the login, new_password, and confirm_password parameters in a preferences action."
{ }
"name" : "37877", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/37877" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "sqlledger-am-csrf(54964)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54964" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "sqlledger-am-csrf(54964)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54964"
},
{
"name": "20091221 SQL-Ledger â?? several vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508559/100/0/threaded"
},
{
"name": "37877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37877"
}
]
}
}

260
2009/3xxx/CVE-2009-3605.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-3605", "ID": "CVE-2009-3605",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5" "lang": "eng",
}, "value": "Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791."
{ }
"name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a", ]
"refsource" : "CONFIRM", },
"url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8", "description": [
"refsource" : "CONFIRM", {
"url" : "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.launchpad.net/bugs/cve/2009-3605", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.launchpad.net/bugs/cve/2009-3605" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=491840", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=491840" "name": "https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz",
}, "refsource": "CONFIRM",
{ "url": "https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz"
"name" : "https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz", },
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz" "name": "SUSE-SR:2009:018",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
"name" : "https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz", },
"refsource" : "CONFIRM", {
"url" : "https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.8.7-1ubuntu0.4.diff.gz" "name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8",
}, "refsource": "CONFIRM",
{ "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=9cf2325fb22f812b31858e519411f57747d39bd8"
"name" : "MDVSA-2009:334", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334" "name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a",
}, "refsource": "CONFIRM",
{ "url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=7b2d314a61fd0e12f47c62996cb49ec0d1ba747a"
"name" : "MDVSA-2011:175", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175" "name": "1021706",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
"name" : "274030", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1" "name": "37114",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/37114"
"name" : "1021706", },
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1" "name": "MDVSA-2011:175",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
"name" : "SUSE-SR:2009:018", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html" "name": "oval:org.mitre.oval:def:7731",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731"
"name" : "USN-850-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-850-1" "name": "https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz",
}, "refsource": "CONFIRM",
{ "url": "https://launchpad.net/ubuntu/+archive/primary/+files/poppler_0.10.5-1ubuntu2.4.diff.gz"
"name" : "oval:org.mitre.oval:def:7731", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7731" "name": "274030",
}, "refsource": "SUNALERT",
{ "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
"name" : "37114", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37114" "name": "USN-850-1",
} "refsource": "UBUNTU",
] "url": "http://www.ubuntu.com/usn/USN-850-1"
} },
} {
"name": "https://bugs.launchpad.net/bugs/cve/2009-3605",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/bugs/cve/2009-3605"
},
{
"name": "MDVSA-2009:334",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:334"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=491840",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=491840"
},
{
"name": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/poppler/poppler/commit/?id=284a92899602daa4a7f429e61849e794569310b5"
}
]
}
}

140
2009/3xxx/CVE-2009-3710.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3710", "ID": "CVE-2009-3710",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0910-exploits/riorey-passwd.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0910-exploits/riorey-passwd.txt" "lang": "eng",
}, "value": "RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022."
{ }
"name" : "58858", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/58858" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36971", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36971" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0910-exploits/riorey-passwd.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0910-exploits/riorey-passwd.txt"
},
{
"name": "58858",
"refsource": "OSVDB",
"url": "http://osvdb.org/58858"
},
{
"name": "36971",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36971"
}
]
}
}

170
2009/4xxx/CVE-2009-4073.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4073", "ID": "CVE-2009-4073",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091123 Millions of PDF invisibly embedded with your internal disk paths", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/508010/100/0/threaded" "lang": "eng",
}, "value": "The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page."
{ }
"name" : "http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/", ]
"refsource" : "MISC", },
"url" : "http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/", "description": [
"refsource" : "MISC", {
"url" : "http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "60504", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/60504" ]
}, },
{ "references": {
"name" : "oval:org.mitre.oval:def:12355", "reference_data": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12355" "name": "20091123 Millions of PDF invisibly embedded with your internal disk paths",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/508010/100/0/threaded"
"name" : "37362", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37362" "name": "oval:org.mitre.oval:def:12355",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12355"
} },
} {
"name": "60504",
"refsource": "OSVDB",
"url": "http://osvdb.org/60504"
},
{
"name": "http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/",
"refsource": "MISC",
"url": "http://securethoughts.com/2009/11/millions-of-pdf-invisibly-embedded-with-your-internal-disk-paths/"
},
{
"name": "37362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37362"
},
{
"name": "http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2009/11/23/internet_explorer_file_disclosure_bug/"
}
]
}
}

120
2015/0xxx/CVE-2015-0172.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-0172", "ID": "CVE-2015-0172",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699472", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21699472" "lang": "eng",
} "value": "IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote attackers to bypass intended security restrictions and consequently execute unspecified commands and obtain sensitive information via unknown vectors. IBM X-Force ID: 100927."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21699472"
}
]
}
}

150
2015/0xxx/CVE-2015-0569.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-0569", "ID": "CVE-2015-0569",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "39308", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/39308/" "lang": "eng",
}, "value": "Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter."
{ }
"name" : "http://source.android.com/security/bulletin/2016-05-01.html", ]
"refsource" : "CONFIRM", },
"url" : "http://source.android.com/security/bulletin/2016-05-01.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "77691", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/77691" ]
} },
] "references": {
} "reference_data": [
} {
"name": "http://source.android.com/security/bulletin/2016-05-01.html",
"refsource": "CONFIRM",
"url": "http://source.android.com/security/bulletin/2016-05-01.html"
},
{
"name": "77691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77691"
},
{
"name": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015"
},
{
"name": "39308",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39308/"
}
]
}
}

34
2015/0xxx/CVE-2015-0954.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-0954", "ID": "CVE-2015-0954",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

200
2015/1xxx/CVE-2015-1058.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1058", "ID": "CVE-2015-1058",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35710", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35710" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new."
{ }
"name" : "http://packetstormsecurity.com/files/129812/AdaptCMS-3.0.3-Cross-Site-Scripting.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129812/AdaptCMS-3.0.3-Cross-Site-Scripting.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5218.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5218.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "116716", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/show/osvdb/116716" ]
}, },
{ "references": {
"name" : "116717", "reference_data": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/116717" "name": "116718",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/show/osvdb/116718"
"name" : "116718", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/116718" "name": "116719",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/show/osvdb/116719"
"name" : "116719", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/116719" "name": "http://packetstormsecurity.com/files/129812/AdaptCMS-3.0.3-Cross-Site-Scripting.html",
}, "refsource": "MISC",
{ "url": "http://packetstormsecurity.com/files/129812/AdaptCMS-3.0.3-Cross-Site-Scripting.html"
"name" : "116720", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/116720" "name": "adaptcms-multiple-data-xss(99617)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99617"
"name" : "adaptcms-multiple-data-xss(99617)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99617" "name": "116716",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/show/osvdb/116716"
} },
} {
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5218.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5218.php"
},
{
"name": "116720",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/116720"
},
{
"name": "116717",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/116717"
},
{
"name": "35710",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35710"
}
]
}
}

200
2015/1xxx/CVE-2015-1082.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-1082", "ID": "CVE-2015-1082",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT204560", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT204560" "lang": "eng",
}, "value": "WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and 8.x before 8.0.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other CVEs listed in APPLE-SA-2015-03-17-1."
{ }
"name" : "https://support.apple.com/HT204661", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT204661" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT204662", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT204662" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://support.apple.com/kb/HT204949", ]
"refsource" : "CONFIRM", }
"url" : "https://support.apple.com/kb/HT204949" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-03-17-1", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html" "name": "APPLE-SA-2015-04-08-3",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
"name" : "APPLE-SA-2015-04-08-3", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" "name": "APPLE-SA-2015-06-30-6",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html"
"name" : "APPLE-SA-2015-04-08-4", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html" "name": "APPLE-SA-2015-03-17-1",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Mar/msg00004.html"
"name" : "APPLE-SA-2015-06-30-6", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00006.html" "name": "https://support.apple.com/kb/HT204949",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/kb/HT204949"
"name" : "1031936", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031936" "name": "1031936",
} "refsource": "SECTRACK",
] "url": "http://www.securitytracker.com/id/1031936"
} },
} {
"name": "https://support.apple.com/HT204662",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204662"
},
{
"name": "https://support.apple.com/HT204560",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204560"
},
{
"name": "APPLE-SA-2015-04-08-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00003.html"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}

180
2015/1xxx/CVE-2015-1228.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@google.com",
"ID" : "CVE-2015-1228", "ID": "CVE-2015-1228",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html" "lang": "eng",
}, "value": "The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence."
{ }
"name" : "https://code.google.com/p/chromium/issues/detail?id=444707", ]
"refsource" : "CONFIRM", },
"url" : "https://code.google.com/p/chromium/issues/detail?id=444707" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://src.chromium.org/viewvc/blink?revision=188180&view=revision", "description": [
"refsource" : "CONFIRM", {
"url" : "https://src.chromium.org/viewvc/blink?revision=188180&view=revision" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201503-12", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201503-12" ]
}, },
{ "references": {
"name" : "RHSA-2015:0627", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0627.html" "name": "https://code.google.com/p/chromium/issues/detail?id=444707",
}, "refsource": "CONFIRM",
{ "url": "https://code.google.com/p/chromium/issues/detail?id=444707"
"name" : "USN-2521-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2521-1" "name": "USN-2521-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2521-1"
"name" : "72901", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72901" "name": "72901",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/72901"
} },
} {
"name": "GLSA-201503-12",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-12"
},
{
"name": "RHSA-2015:0627",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0627.html"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=188180&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=188180&view=revision"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html"
}
]
}
}

210
2015/1xxx/CVE-2015-1365.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1365", "ID": "CVE-2015-1365",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534505/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter."
{ }
"name" : "35846", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/35846" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities", "description": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/Jan/75" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2015/01/25/5" ]
}, },
{ "references": {
"name" : "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html" "name": "20150120 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities",
}, "refsource": "FULLDISC",
{ "url": "http://seclists.org/fulldisclosure/2015/Jan/75"
"name" : "https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt", },
"refsource" : "MISC", {
"url" : "https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt" "name": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php",
}, "refsource": "CONFIRM",
{ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php"
"name" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php", },
"refsource" : "CONFIRM", {
"url" : "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=1067992%40pixabay-images%2Ftrunk%2Fpixabay-images.php&old=926633%40pixabay-images%2Ftrunk%2Fpixabay-images.php" "name": "pixarbay-wordpress-q-dir-traversal(100036)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100036"
"name" : "https://wordpress.org/plugins/pixabay-images/changelog/", },
"refsource" : "CONFIRM", {
"url" : "https://wordpress.org/plugins/pixabay-images/changelog/" "name": "117147",
}, "refsource": "OSVDB",
{ "url": "http://osvdb.org/show/osvdb/117147"
"name" : "117147", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/show/osvdb/117147" "name": "35846",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/35846"
"name" : "pixarbay-wordpress-q-dir-traversal(100036)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100036" "name": "20150119 MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/534505/100/0/threaded"
} },
} {
"name": "[oss-security] 20150125 CVE request: MSA-2015-01: Wordpress Plugin Pixabay Images Multiple Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/01/25/5"
},
{
"name": "https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt",
"refsource": "MISC",
"url": "https://www.mogwaisecurity.de/advisories/MSA-2015-01.txt"
},
{
"name": "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130017/WordPress-Pixarbay-Images-2.3-XSS-Bypass-Upload-Traversal.html"
},
{
"name": "https://wordpress.org/plugins/pixabay-images/changelog/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/plugins/pixabay-images/changelog/"
}
]
}
}

150
2015/1xxx/CVE-2015-1820.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-1820", "ID": "CVE-2015-1820",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150323 CVE-2015-1820: ruby rest-client session fixation vulnerability", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2015/03/24/3" "lang": "eng",
}, "value": "REST client for Ruby (aka rest-client) before 1.8.0 allows remote attackers to conduct session fixation attacks or obtain sensitive cookie information by leveraging passage of cookies set in a response to a redirect."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205291", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205291" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://github.com/rest-client/rest-client/issues/369", "description": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/rest-client/rest-client/issues/369" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "73295", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/73295" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://github.com/rest-client/rest-client/issues/369",
"refsource": "CONFIRM",
"url": "https://github.com/rest-client/rest-client/issues/369"
},
{
"name": "73295",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73295"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205291",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205291"
},
{
"name": "[oss-security] 20150323 CVE-2015-1820: ruby rest-client session fixation vulnerability",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/03/24/3"
}
]
}
}

160
2015/1xxx/CVE-2015-1854.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-1854", "ID": "CVE-2015-1854",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update", "description_data": [
"refsource" : "MLIST", {
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html" "lang": "eng",
}, "value": "389 Directory Server before 1.3.3.10 allows attackers to bypass intended access restrictions and modify directory entries via a crafted ldapmodrdn call."
{ }
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1209573", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1209573" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "FEDORA-2015-7206", "description": [
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2015:0895", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2015:0895" ]
}, },
{ "references": {
"name" : "74392", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/74392" "name": "74392",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/74392"
} },
} {
"name": "RHSA-2015:0895",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2015:0895"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1209573",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1209573"
},
{
"name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1428-1] 389-ds-base security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00018.html"
},
{
"name": "FEDORA-2015-7206",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157069.html"
}
]
}
}

160
2015/4xxx/CVE-2015-4134.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4134", "ID": "CVE-2015-4134",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150524 phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://seclists.org/fulldisclosure/2015/May/107" "lang": "eng",
}, "value": "Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter."
{ }
"name" : "http://packetstormsecurity.com/files/132033/phpwind-8.7-Open-Redirect.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/132033/phpwind-8.7-Open-Redirect.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://tetraph.com/security/open-redirect/phpwind-v8-7-open-redirect/", "description": [
"refsource" : "MISC", {
"url" : "http://tetraph.com/security/open-redirect/phpwind-v8-7-open-redirect/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "74804", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/74804" ]
}, },
{ "references": {
"name" : "1032428", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032428" "name": "20150524 phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities",
} "refsource": "FULLDISC",
] "url": "http://seclists.org/fulldisclosure/2015/May/107"
} },
} {
"name": "74804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74804"
},
{
"name": "http://packetstormsecurity.com/files/132033/phpwind-8.7-Open-Redirect.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132033/phpwind-8.7-Open-Redirect.html"
},
{
"name": "1032428",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032428"
},
{
"name": "http://tetraph.com/security/open-redirect/phpwind-v8-7-open-redirect/",
"refsource": "MISC",
"url": "http://tetraph.com/security/open-redirect/phpwind-v8-7-open-redirect/"
}
]
}
}

34
2015/4xxx/CVE-2015-4172.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-4172", "ID": "CVE-2015-4172",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2015/4xxx/CVE-2015-4208.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-4208", "ID": "CVE-2015-4208",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150623 Cisco WebEx Meeting Center GET Parameter Vulnerability", "description_data": [
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39458" "lang": "eng",
}, "value": "Cisco WebEx Meeting Center does not properly restrict the content of URLs in GET requests, which allows remote attackers to obtain sensitive information or conduct SQL injection attacks via vectors involving read access to a request, aka Bug ID CSCup88398."
{ }
"name" : "75361", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/75361" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032705", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032705" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "20150623 Cisco WebEx Meeting Center GET Parameter Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39458"
},
{
"name": "75361",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75361"
},
{
"name": "1032705",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032705"
}
]
}
}

240
2015/4xxx/CVE-2015-4643.json
View File

@ -1,122 +1,122 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-4643", "ID": "CVE-2015-4643",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request", "description_data": [
"refsource" : "MLIST", {
"url" : "http://openwall.com/lists/oss-security/2015/06/18/6" "lang": "eng",
}, "value": "Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022."
{ }
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2", ]
"refsource" : "CONFIRM", },
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://php.net/ChangeLog-5.php", "description": [
"refsource" : "CONFIRM", {
"url" : "http://php.net/ChangeLog-5.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.php.net/bug.php?id=69545", ]
"refsource" : "CONFIRM", }
"url" : "https://bugs.php.net/bug.php?id=69545" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" "name": "RHSA-2015:1187",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
"name" : "DSA-3344", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3344" "name": "https://bugs.php.net/bug.php?id=69545",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.php.net/bug.php?id=69545"
"name" : "GLSA-201606-10", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201606-10" "name": "1032709",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1032709"
"name" : "RHSA-2015:1187", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1187.html" "name": "RHSA-2015:1186",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
"name" : "RHSA-2015:1135", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1135.html" "name": "DSA-3344",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3344"
"name" : "RHSA-2015:1186", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1186.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"name" : "RHSA-2015:1218", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1218.html" "name": "[oss-security] 20150618 Re: PHP 5.6.10 / 5.5.26 / 5.4.42 CVE request",
}, "refsource": "MLIST",
{ "url": "http://openwall.com/lists/oss-security/2015/06/18/6"
"name" : "75291", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75291" "name": "http://php.net/ChangeLog-5.php",
}, "refsource": "CONFIRM",
{ "url": "http://php.net/ChangeLog-5.php"
"name" : "1032709", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032709" "name": "75291",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/75291"
} },
} {
"name": "RHSA-2015:1135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
},
{
"name": "RHSA-2015:1218",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2"
}
]
}
}

140
2015/8xxx/CVE-2015-8315.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-8315", "ID": "CVE-2015-8315",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a \"regular expression denial of service (ReDoS).\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20160420 various vulnerabilities in Node.js packages", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2016/04/20/11" "lang": "eng",
}, "value": "The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a \"regular expression denial of service (ReDoS).\""
{ }
"name" : "https://nodesecurity.io/advisories/46", ]
"refsource" : "CONFIRM", },
"url" : "https://nodesecurity.io/advisories/46" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "96389", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/96389" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "96389",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96389"
},
{
"name": "https://nodesecurity.io/advisories/46",
"refsource": "CONFIRM",
"url": "https://nodesecurity.io/advisories/46"
},
{
"name": "[oss-security] 20160420 various vulnerabilities in Node.js packages",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/04/20/11"
}
]
}
}

132
2015/9xxx/CVE-2015-9122.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "product-security@qualcomm.com", "ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00", "DATE_PUBLIC": "2018-04-02T00:00:00",
"ID" : "CVE-2015-9122", "ID": "CVE-2015-9122",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Snapdragon Mobile, Snapdragon Wear", "product_name": "Snapdragon Mobile, Snapdragon Wear",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835" "version_value": "MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Qualcomm, Inc." "vendor_name": "Qualcomm, Inc."
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 835, possible buffer overflow if SIM card sends a response greater than 64KB of data for stream APDU command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer overflow to buffer overflow while processing response of a stream APDU command"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://source.android.com/security/bulletin/2018-04-01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://source.android.com/security/bulletin/2018-04-01" "lang": "eng",
}, "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 835, possible buffer overflow if SIM card sends a response greater than 64KB of data for stream APDU command."
{ }
"name" : "103671", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/103671" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Integer overflow to buffer overflow while processing response of a stream APDU command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

34
2018/2xxx/CVE-2018-2308.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-2308", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-2308",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/2xxx/CVE-2018-2533.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-2533", "ID": "CVE-2018-2533",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

140
2018/2xxx/CVE-2018-2574.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2574", "ID": "CVE-2018-2574",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Siebel CRM Desktop", "product_name": "Siebel CRM Desktop",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "16.0" "version_value": "16.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "17.0" "version_value": "17.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Outlook Client). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Desktop accessible data as well as unauthorized access to critical data or complete access to all Siebel CRM Desktop accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Desktop accessible data as well as unauthorized access to critical data or complete access to all Siebel CRM Desktop accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" "lang": "eng",
}, "value": "Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM (subcomponent: Outlook Client). Supported versions that are affected are 16.0 and 17.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Desktop accessible data as well as unauthorized access to critical data or complete access to all Siebel CRM Desktop accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
{ }
"name" : "102623", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102623" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Desktop. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Siebel CRM Desktop accessible data as well as unauthorized access to critical data or complete access to all Siebel CRM Desktop accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "102623",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102623"
}
]
}
}

142
2018/2xxx/CVE-2018-2947.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-2947", "ID": "CVE-2018-2947",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "JD Edwards EnterpriseOne Tools", "product_name": "JD Edwards EnterpriseOne Tools",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "9.2" "version_value": "9.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Web Runtime). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
{ }
"name" : "104789", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104789" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041305", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041305" "lang": "eng",
} "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Tools accessible data."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "104789",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104789"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041305",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041305"
}
]
}
}

132
2018/3xxx/CVE-2018-3976.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2019-01-30T00:00:00", "DATE_PUBLIC": "2019-01-30T00:00:00",
"ID" : "CVE-2018-3976", "ID": "CVE-2018-3976",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "ACD Systems", "product_name": "ACD Systems",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ACDSystems Canvas Draw 5.0.0.28" "version_value": "ACDSystems Canvas Draw 5.0.0.28"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Talos" "vendor_name": "Talos"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Out of bounds write code execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0642", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0642" "lang": "eng",
}, "value": "An exploitable out-of-bounds write exists in the CALS Raster file format-parsing functionality of Canvas Draw version 5.0.0.28. A specially crafted CAL image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a CAL image to trigger this vulnerability and gain code execution."
{ }
"name" : "106809", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106809" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Out of bounds write code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0642",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0642"
},
{
"name": "106809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106809"
}
]
}
}

122
2018/6xxx/CVE-2018-6266.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@nvidia.com", "ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC" : "2018-11-19T00:00:00", "DATE_PUBLIC": "2018-11-19T00:00:00",
"ID" : "CVE-2018-6266", "ID": "CVE-2018-6266",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GeForce Experience", "product_name": "GeForce Experience",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.16" "version_value": "3.16"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nvidia Corporation" "vendor_name": "Nvidia Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4740", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4740" "lang": "eng",
} "value": "NVIDIA GeForce Experience contains a vulnerability in all versions prior to 3.16 on Windows where a local user may obtain third party integration parameters, which may lead to information disclosure."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4740"
}
]
}
}

132
2018/6xxx/CVE-2018-6291.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "vulnerability@kaspersky.com", "ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC" : "2018-02-01T00:00:00", "DATE_PUBLIC": "2018-02-01T00:00:00",
"ID" : "CVE-2018-6291", "ID": "CVE-2018-6291",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Kaspersky Secure Mail Gateway", "product_name": "Kaspersky Secure Mail Gateway",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "1.1" "version_value": "1.1"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Kaspersky Labs" "vendor_name": "Kaspersky Labs"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "WebConsole Cross-Site Scripting"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities" "lang": "eng",
}, "value": "WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway version 1.1."
{ }
"name" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#010218", ]
"refsource" : "CONFIRM", },
"url" : "https://support.kaspersky.com/vulnerability.aspx?el=12430#010218" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "WebConsole Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.kaspersky.com/vulnerability.aspx?el=12430#010218",
"refsource": "CONFIRM",
"url": "https://support.kaspersky.com/vulnerability.aspx?el=12430#010218"
},
{
"name": "https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities"
}
]
}
}

132
2018/6xxx/CVE-2018-6333.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve-assign@fb.com", "ASSIGNER": "cve-assign@fb.com",
"DATE_ASSIGNED" : "2018-03-19", "DATE_ASSIGNED": "2018-03-19",
"ID" : "CVE-2018-6333", "ID": "CVE-2018-6333",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Nuclide", "product_name": "Nuclide",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "!=>", "version_affected": "!=>",
"version_value" : "v0.290.0" "version_value": "v0.290.0"
}, },
{ {
"version_affected" : "<=", "version_affected": "<=",
"version_value" : "v0.290.0" "version_value": "v0.290.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Facebook" "vendor_name": "Facebook"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/facebook/nuclide/commit/65f6bbd683404be1bb569b8d1be84b5d4c74a324", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/facebook/nuclide/commit/65f6bbd683404be1bb569b8d1be84b5d4c74a324" "lang": "eng",
} "value": "The hhvm-attach deep link handler in Nuclide did not properly sanitize the provided hostname parameter when rendering. As a result, a malicious URL could be used to render HTML and other content inside of the editor's context, which could potentially be chained to lead to code execution. This issue affected Nuclide prior to v0.290.0."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/facebook/nuclide/commit/65f6bbd683404be1bb569b8d1be84b5d4c74a324",
"refsource": "MISC",
"url": "https://github.com/facebook/nuclide/commit/65f6bbd683404be1bb569b8d1be84b5d4c74a324"
}
]
}
}

140
2018/6xxx/CVE-2018-6635.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-6635", "ID": "CVE-2018-6635",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://downloads.avaya.com/css/P8/documents/101038598", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://downloads.avaya.com/css/P8/documents/101038598" "lang": "eng",
}, "value": "System Manager in Avaya Aura before 7.1.2 does not properly use SSL in conjunction with authentication, which allows remote attackers to bypass intended Remote Method Invocation (RMI) restrictions, aka SMGR-26896."
{ }
"name" : "102940", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/102940" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040329", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040329" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1040329",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040329"
},
{
"name": "https://downloads.avaya.com/css/P8/documents/101038598",
"refsource": "CONFIRM",
"url": "https://downloads.avaya.com/css/P8/documents/101038598"
},
{
"name": "102940",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102940"
}
]
}
}

132
2018/6xxx/CVE-2018-6920.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secteam@freebsd.org", "ASSIGNER": "secteam@freebsd.org",
"DATE_PUBLIC" : "2018-05-08T00:00:00", "DATE_PUBLIC": "2018-05-08T00:00:00",
"ID" : "CVE-2018-6920", "ID": "CVE-2018-6920",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "FreeBSD", "product_name": "FreeBSD",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "All supported versions of FreeBSD." "version_value": "All supported versions of FreeBSD."
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "FreeBSD" "vendor_name": "FreeBSD"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Kernel memory disclosure"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc" "lang": "eng",
}, "value": "In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, 10.4-STABLE(r332321), and 10.4-RELEASE-p9, due to insufficient initialization of memory copied to userland in the Linux subsystem and Atheros wireless driver, small amounts of kernel memory may be disclosed to userland processes. Unprivileged authenticated local users may be able to access small amounts of privileged kernel data."
{ }
"name" : "104114", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104114" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Kernel memory disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104114"
},
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc"
}
]
}
}

130
2018/7xxx/CVE-2018-7101.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "security-alert@hpe.com", "ASSIGNER": "security-alert@hpe.com",
"ID" : "CVE-2018-7101", "ID": "CVE-2018-7101",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers, HPE Integrated Lights-Out 4 (iLO 4)", "product_name": "HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers, HPE Integrated Lights-Out 4 (iLO 4)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "iLO 4 prior to v2.26, iLO5 prior to v1.30" "version_value": "iLO 4 prior to v2.26, iLO5 prior to v1.30"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Hewlett Packard Enterprise" "vendor_name": "Hewlett Packard Enterprise"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "remote denial of service"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03875en_us", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03875en_us" "lang": "eng",
}, "value": "A potential remote denial of service security vulnerability has been identified in HPE Integrated Lights Out 4 prior to v2.60 and iLO 5 for Gen 10 servers prior to v1.30."
{ }
"name" : "1041488", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1041488" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "remote denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041488",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041488"
},
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03875en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03875en_us"
}
]
}
}

34
2018/7xxx/CVE-2018-7917.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7917", "ID": "CVE-2018-7917",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5214.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5214", "ID": "CVE-2019-5214",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5420.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5420", "ID": "CVE-2019-5420",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2019/5xxx/CVE-2019-5926.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2019-5926", "ID": "CVE-2019-5926",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }