admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-05-05 10:18:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:49:13 +00:00
parent f44768cac1
commit 6e6c1c6e4d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 3579 additions and 3579 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

210
2005/0xxx/CVE-2005-0198.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "VU#702777",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/702777"
},
{
"name" : "http://www.kb.cert.org/vuls/id/CRDY-68QSL5",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"
},
{
"name" : "GLSA-200502-02",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"
},
{
"name" : "MDKSA-2005:026",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"
},
{
"name" : "RHSA-2005:128",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-128.html"
},
{
"name" : "12391",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12391"
},
{
"name" : "oval:org.mitre.oval:def:11306",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"
},
{
"name" : "1013037",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013037"
},
{
"name" : "14057",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14057"
},
{
"name" : "14097",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:11306",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11306"
},
{
"name": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/CRDY-68QSL5"
},
{
"name": "RHSA-2005:128",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-128.html"
},
{
"name": "GLSA-200502-02",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml"
},
{
"name": "MDKSA-2005:026",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:026"
},
{
"name": "14097",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14097"
},
{
"name": "1013037",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013037"
},
{
"name": "VU#702777",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/702777"
},
{
"name": "14057",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14057"
},
{
"name": "12391",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12391"
}
]
}
}

34
2005/0xxx/CVE-2005-0556.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0556",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0556",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2005/0xxx/CVE-2005-0697.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0697",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zzamboni.org/copperexport/",
"refsource" : "CONFIRM",
"url" : "http://www.zzamboni.org/copperexport/"
},
{
"name" : "14401",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14401"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the process_picture function xp_publish.php in CopperExport 0.2.1 allows remote attackers to execute arbitrary SQL commands, possibly via the (1) title, (2) caption, or (3) keywords parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.zzamboni.org/copperexport/",
"refsource": "CONFIRM",
"url": "http://www.zzamboni.org/copperexport/"
},
{
"name": "14401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14401"
}
]
}
}

120
2005/0xxx/CVE-2005-0969.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0969",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0969",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-04-15",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2005-04-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Apr/msg00000.html"
}
]
}
}

150
2005/2xxx/CVE-2005-2645.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2645",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf"
},
{
"name" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf"
},
{
"name" : "1014720",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014720"
},
{
"name" : "16467",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014720",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014720"
},
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_008.pdf"
},
{
"name": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/downloads/usa/en/c/cert_XRX05_009.pdf"
},
{
"name": "16467",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16467"
}
]
}
}

160
2005/3xxx/CVE-2005-3467.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3467",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of \"~\" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3467",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.serv-u.com/releasenotes.asp",
"refsource" : "CONFIRM",
"url" : "http://www.serv-u.com/releasenotes.asp"
},
{
"name" : "15273",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15273"
},
{
"name" : "ADV-2005-2267",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2267"
},
{
"name" : "1015151",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015151"
},
{
"name" : "17409",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17409"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of \"~\" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2267",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2267"
},
{
"name": "http://www.serv-u.com/releasenotes.asp",
"refsource": "CONFIRM",
"url": "http://www.serv-u.com/releasenotes.asp"
},
{
"name": "17409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17409"
},
{
"name": "1015151",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015151"
},
{
"name": "15273",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15273"
}
]
}
}

180
2005/3xxx/CVE-2005-3589.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3589",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3589",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051107 Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113140190521377&w=2"
},
{
"name" : "20051121 Re: Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/417307/30/0/threaded"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=298735",
"refsource" : "MISC",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=298735"
},
{
"name" : "http://ingehenriksen.blogspot.com/2005/11/work-in-progress-filezilla-server.html",
"refsource" : "MISC",
"url" : "http://ingehenriksen.blogspot.com/2005/11/work-in-progress-filezilla-server.html"
},
{
"name" : "http://ingehenriksen.blogspot.com/2005/11/filezilla-server-terminal-094d-dos-poc_21.html",
"refsource" : "MISC",
"url" : "http://ingehenriksen.blogspot.com/2005/11/filezilla-server-terminal-094d-dos-poc_21.html"
},
{
"name" : "15346",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15346"
},
{
"name" : "20817",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20817"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20817",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20817"
},
{
"name": "15346",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15346"
},
{
"name": "http://ingehenriksen.blogspot.com/2005/11/work-in-progress-filezilla-server.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2005/11/work-in-progress-filezilla-server.html"
},
{
"name": "20051107 Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113140190521377&w=2"
},
{
"name": "http://ingehenriksen.blogspot.com/2005/11/filezilla-server-terminal-094d-dos-poc_21.html",
"refsource": "MISC",
"url": "http://ingehenriksen.blogspot.com/2005/11/filezilla-server-terminal-094d-dos-poc_21.html"
},
{
"name": "20051121 Re: Work in Progress: FileZilla Server Terminal V0.9.4d Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417307/30/0/threaded"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=298735",
"refsource": "MISC",
"url": "http://sourceforge.net/project/shownotes.php?release_id=298735"
}
]
}
}

180
2005/3xxx/CVE-2005-3849.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051122 PmWiki 2.0.12 Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name" : "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt",
"refsource" : "MISC",
"url" : "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
},
{
"name" : "15539",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15539"
},
{
"name" : "ADV-2005-2532",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name" : "21056",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21056"
},
{
"name" : "17707",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17707"
},
{
"name" : "201",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/201"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "201",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/201"
},
{
"name": "ADV-2005-2532",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2532"
},
{
"name": "17707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17707"
},
{
"name": "15539",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15539"
},
{
"name": "20051122 PmWiki 2.0.12 Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/417432/100/0/threaded"
},
{
"name": "21056",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21056"
},
{
"name": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0005/pmwiki/0005.txt"
}
]
}
}

470
2005/4xxx/CVE-2005-4077.json
View File

@ -1,237 +1,237 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a \"?\" separator in the hostname portion, which causes a \"/\" to be prepended to the resulting string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051207 Advisory 24/2005: libcurl URL parsing vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418849/100/0/threaded"
},
{
"name" : "http://www.hardened-php.net/advisory_242005.109.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_242005.109.html"
},
{
"name" : "http://qa.openoffice.org/issues/show_bug.cgi?id=59032",
"refsource" : "MISC",
"url" : "http://qa.openoffice.org/issues/show_bug.cgi?id=59032"
},
{
"name" : "http://curl.haxx.se/docs/adv_20051207.html",
"refsource" : "CONFIRM",
"url" : "http://curl.haxx.se/docs/adv_20051207.html"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=307562",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name" : "APPLE-SA-2006-05-11",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name" : "APPLE-SA-2008-03-18",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name" : "DSA-919",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-919"
},
{
"name" : "FEDORA-2005-1129",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
},
{
"name" : "GLSA-200512-09",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml"
},
{
"name" : "GLSA-200603-25",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml"
},
{
"name" : "MDKSA-2005:224",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:224"
},
{
"name" : "RHSA-2005:875",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-875.html"
},
{
"name" : "SCOSA-2006.16",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt"
},
{
"name" : "TSLSA-2005-0072",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2005/0072/"
},
{
"name" : "USN-228-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/228-1/"
},
{
"name" : "TA06-132A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name" : "15756",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15756"
},
{
"name" : "17951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17951"
},
{
"name" : "oval:org.mitre.oval:def:10855",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855"
},
{
"name" : "ADV-2005-2791",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2791"
},
{
"name" : "ADV-2006-0960",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0960"
},
{
"name" : "ADV-2006-1779",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name" : "ADV-2008-0924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name" : "17907",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17907"
},
{
"name" : "17977",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17977"
},
{
"name" : "18105",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18105"
},
{
"name" : "18188",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18188"
},
{
"name" : "18336",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18336"
},
{
"name" : "17960",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17960"
},
{
"name" : "17961",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17961"
},
{
"name" : "17965",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17965"
},
{
"name" : "19261",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19261"
},
{
"name" : "19433",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19433"
},
{
"name" : "19457",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19457"
},
{
"name" : "20077",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a \"?\" separator in the hostname portion, which causes a \"/\" to be prepended to the resulting string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "GLSA-200603-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "ADV-2005-2791",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2791"
},
{
"name": "ADV-2006-0960",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0960"
},
{
"name": "DSA-919",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-919"
},
{
"name": "19433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19433"
},
{
"name": "FEDORA-2005-1129",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
},
{
"name": "RHSA-2005:875",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-875.html"
},
{
"name": "20051207 Advisory 24/2005: libcurl URL parsing vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418849/100/0/threaded"
},
{
"name": "http://www.hardened-php.net/advisory_242005.109.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_242005.109.html"
},
{
"name": "oval:org.mitre.oval:def:10855",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "USN-228-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/228-1/"
},
{
"name": "17977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17977"
},
{
"name": "http://curl.haxx.se/docs/adv_20051207.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20051207.html"
},
{
"name": "18105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18105"
},
{
"name": "15756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15756"
},
{
"name": "SCOSA-2006.16",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "18336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18336"
},
{
"name": "19261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19261"
},
{
"name": "GLSA-200512-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml"
},
{
"name": "TSLSA-2005-0072",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0072/"
},
{
"name": "17965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17965"
},
{
"name": "http://qa.openoffice.org/issues/show_bug.cgi?id=59032",
"refsource": "MISC",
"url": "http://qa.openoffice.org/issues/show_bug.cgi?id=59032"
},
{
"name": "19457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19457"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "17960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17960"
},
{
"name": "MDKSA-2005:224",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:224"
},
{
"name": "17907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17907"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "18188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18188"
},
{
"name": "17961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17961"
}
]
}
}

170
2005/4xxx/CVE-2005-4608.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4608",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4608",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html"
},
{
"name" : "16121",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16121"
},
{
"name" : "ADV-2006-0009",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0009"
},
{
"name" : "22142",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22142"
},
{
"name" : "18282",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18282"
},
{
"name" : "bugport-index-sql-injection(23919)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23919"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "bugport-index-sql-injection(23919)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23919"
},
{
"name": "16121",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16121"
},
{
"name": "ADV-2006-0009",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0009"
},
{
"name": "18282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18282"
},
{
"name": "http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html"
},
{
"name": "22142",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22142"
}
]
}
}

180
2005/4xxx/CVE-2005-4698.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4698",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4698",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051005 Tellme 1.2",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html"
},
{
"name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt",
"refsource" : "MISC",
"url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt"
},
{
"name" : "http://kimihia.org.nz/projects/tellme/files/tellme-1.2-1.3.diff",
"refsource" : "CONFIRM",
"url" : "http://kimihia.org.nz/projects/tellme/files/tellme-1.2-1.3.diff"
},
{
"name" : "15012",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15012"
},
{
"name" : "19870",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19870"
},
{
"name" : "17078",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17078"
},
{
"name" : "tellme-index-xss(22521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tellme-index-xss(22521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22521"
},
{
"name": "19870",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19870"
},
{
"name": "15012",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15012"
},
{
"name": "20051005 Tellme 1.2",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0107.html"
},
{
"name": "http://kimihia.org.nz/projects/tellme/files/tellme-1.2-1.3.diff",
"refsource": "CONFIRM",
"url": "http://kimihia.org.nz/projects/tellme/files/tellme-1.2-1.3.diff"
},
{
"name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt",
"refsource": "MISC",
"url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-015-tellme.txt"
},
{
"name": "17078",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17078"
}
]
}
}

130
2005/4xxx/CVE-2005-4880.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4880",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4880",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html"
},
{
"name" : "16337",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16337"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16337"
},
{
"name": "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html"
}
]
}
}

270
2009/0xxx/CVE-2009-0787.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0787",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0787",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8faece5f906725c10e7a1f6caf84452abadbdc7b",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8faece5f906725c10e7a1f6caf84452abadbdc7b"
},
{
"name" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9",
"refsource" : "CONFIRM",
"url" : "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "RHSA-2009:0473",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-0473.html"
},
{
"name" : "34216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34216"
},
{
"name" : "52860",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52860"
},
{
"name" : "oval:org.mitre.oval:def:11068",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11068"
},
{
"name" : "oval:org.mitre.oval:def:8319",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8319"
},
{
"name" : "1022177",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022177"
},
{
"name" : "34422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34422"
},
{
"name" : "35015",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35015"
},
{
"name" : "37471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37471"
},
{
"name" : "ADV-2009-0802",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name" : "linux-kernel-ecryptfs-information-disclosure(49355)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49355"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows local users to obtain portions of kernel memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34422"
},
{
"name": "52860",
"refsource": "OSVDB",
"url": "http://osvdb.org/52860"
},
{
"name": "linux-kernel-ecryptfs-information-disclosure(49355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49355"
},
{
"name": "ADV-2009-0802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0802"
},
{
"name": "37471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37471"
},
{
"name": "1022177",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022177"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8faece5f906725c10e7a1f6caf84452abadbdc7b",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=8faece5f906725c10e7a1f6caf84452abadbdc7b"
},
{
"name": "34216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34216"
},
{
"name": "35015",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35015"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:8319",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8319"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.9"
},
{
"name": "oval:org.mitre.oval:def:11068",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11068"
},
{
"name": "RHSA-2009:0473",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-0473.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}

140
2009/2xxx/CVE-2009-2976.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2976",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2976",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf",
"refsource" : "MISC",
"url" : "http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf"
},
{
"name" : "http://www.airmagnet.com/news/press_releases/2009/08252009.php",
"refsource" : "MISC",
"url" : "http://www.airmagnet.com/news/press_releases/2009/08252009.php"
},
{
"name" : "1022774",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022774"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf",
"refsource": "MISC",
"url": "http://www.airmagnet.com/assets/AM_Technote_SkyJack_082509.pdf"
},
{
"name": "1022774",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022774"
},
{
"name": "http://www.airmagnet.com/news/press_releases/2009/08252009.php",
"refsource": "MISC",
"url": "http://www.airmagnet.com/news/press_releases/2009/08252009.php"
}
]
}
}

170
2009/3xxx/CVE-2009-3172.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3172",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-012/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-012/index.html"
},
{
"name" : "JVNDB-2009-001930",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001930.html"
},
{
"name" : "36184",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36184"
},
{
"name" : "57565",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/57565"
},
{
"name" : "36527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36527"
},
{
"name" : "ADV-2009-2480",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2480"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 through 07-50-/A, Groupmax Server Set 03-00 through 06-52, Groupware Server Set 03-00 through 06-52, and Scheduler Server Set 03-00 through 06-52 has unknown impact and attack vectors related to invalid access rights."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36527"
},
{
"name": "36184",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36184"
},
{
"name": "57565",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/57565"
},
{
"name": "ADV-2009-2480",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2480"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-012/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-012/index.html"
},
{
"name": "JVNDB-2009-001930",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001930.html"
}
]
}
}

360
2009/3xxx/CVE-2009-3292.json
View File

@ -1,182 +1,182 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3292",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to \"missing sanity checks around exif processing.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20091120 CVE request: php 5.3.1 update",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"name" : "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/11/20/3"
},
{
"name" : "[php-announce] 20091119 5.3.1 Release announcement",
"refsource" : "MLIST",
"url" : "http://news.php.net/php.announce/79"
},
{
"name" : "http://www.php.net/ChangeLog-5.php#5.2.11",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php#5.2.11"
},
{
"name" : "http://www.php.net/releases/5_2_11.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/releases/5_2_11.php"
},
{
"name" : "http://support.apple.com/kb/HT3937",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3937"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "http://www.php.net/releases/5_3_1.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/releases/5_3_1.php"
},
{
"name" : "APPLE-SA-2009-11-09-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name" : "DSA-1940",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1940"
},
{
"name" : "HPSBUX02543",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127680701405735&w=2"
},
{
"name" : "SSRT100152",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127680701405735&w=2"
},
{
"name" : "HPSBOV02683",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "SSRT090208",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name" : "MDVSA-2009:302",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
},
{
"name" : "SUSE-SR:2009:017",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"name" : "58186",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/58186"
},
{
"name" : "oval:org.mitre.oval:def:9982",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982"
},
{
"name" : "oval:org.mitre.oval:def:7652",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652"
},
{
"name" : "1022914",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022914"
},
{
"name" : "36791",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36791"
},
{
"name" : "37412",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37412"
},
{
"name" : "37482",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37482"
},
{
"name" : "40262",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/40262"
},
{
"name" : "ADV-2009-3184",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3184"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before 5.3.1, has unknown impact and attack vectors related to \"missing sanity checks around exif processing.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.php.net/ChangeLog-5.php#5.2.11",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php#5.2.11"
},
{
"name": "[oss-security] 20091120 Re: CVE request: php 5.3.1 update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/3"
},
{
"name": "37482",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37482"
},
{
"name": "40262",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/40262"
},
{
"name": "[php-announce] 20091119 5.3.1 Release announcement",
"refsource": "MLIST",
"url": "http://news.php.net/php.announce/79"
},
{
"name": "HPSBUX02543",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127680701405735&w=2"
},
{
"name": "SSRT090208",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name": "http://www.php.net/releases/5_2_11.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_2_11.php"
},
{
"name": "1022914",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022914"
},
{
"name": "58186",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/58186"
},
{
"name": "oval:org.mitre.oval:def:9982",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9982"
},
{
"name": "36791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36791"
},
{
"name": "DSA-1940",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1940"
},
{
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name": "HPSBOV02683",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"
},
{
"name": "[oss-security] 20091120 CVE request: php 5.3.1 update",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/20/2"
},
{
"name": "http://www.php.net/releases/5_3_1.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/releases/5_3_1.php"
},
{
"name": "37412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37412"
},
{
"name": "MDVSA-2009:302",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:302"
},
{
"name": "ADV-2009-3184",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3184"
},
{
"name": "SSRT100152",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127680701405735&w=2"
},
{
"name": "APPLE-SA-2009-11-09-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
},
{
"name": "SUSE-SR:2009:017",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00004.html"
},
{
"name": "http://support.apple.com/kb/HT3937",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3937"
},
{
"name": "oval:org.mitre.oval:def:7652",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7652"
}
]
}
}

130
2009/3xxx/CVE-2009-3541.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3541",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9155",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9155"
},
{
"name" : "phpgenealogy-datadirectory-file-include(51728)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51728"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in CoupleDB.php in PHPGenealogy 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the DataDirectory parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phpgenealogy-datadirectory-file-include(51728)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51728"
},
{
"name": "9155",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9155"
}
]
}
}

170
2009/3xxx/CVE-2009-3730.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3730",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3730",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PK83895",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK83895"
},
{
"name" : "36721",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36721"
},
{
"name" : "59088",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/59088"
},
{
"name" : "59089",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/59089"
},
{
"name" : "37052",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37052"
},
{
"name" : "ADV-2009-2958",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2958"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59088",
"refsource": "OSVDB",
"url": "http://osvdb.org/59088"
},
{
"name": "37052",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37052"
},
{
"name": "ADV-2009-2958",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2958"
},
{
"name": "36721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36721"
},
{
"name": "PK83895",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK83895"
},
{
"name": "59089",
"refsource": "OSVDB",
"url": "http://osvdb.org/59089"
}
]
}
}

150
2009/4xxx/CVE-2009-4569.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0912-exploits/elkagroupv-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/elkagroupv-sql.txt"
},
{
"name" : "10330",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10330"
},
{
"name" : "37229",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37229"
},
{
"name" : "elkagroup-id-sql-injection(54585)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54585"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0912-exploits/elkagroupv-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/elkagroupv-sql.txt"
},
{
"name": "10330",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10330"
},
{
"name": "elkagroup-id-sql-injection(54585)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54585"
},
{
"name": "37229",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37229"
}
]
}
}

180
2009/4xxx/CVE-2009-4654.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091117 Hellcode Research: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507926/100/0/threaded"
},
{
"name" : "http://downloads.securityfocus.com/vulnerabilities/exploits/37042-2.pl",
"refsource" : "MISC",
"url" : "http://downloads.securityfocus.com/vulnerabilities/exploits/37042-2.pl"
},
{
"name" : "http://tcc.hellcode.net/advisories/hellcode-adv005.txt",
"refsource" : "MISC",
"url" : "http://tcc.hellcode.net/advisories/hellcode-adv005.txt"
},
{
"name" : "http://tcc.hellcode.net/sploitz/httpstk.txt",
"refsource" : "MISC",
"url" : "http://tcc.hellcode.net/sploitz/httpstk.txt"
},
{
"name" : "37042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37042"
},
{
"name" : "1023188",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023188"
},
{
"name" : "edirectory-httpstk-bo(54308)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54308"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37042"
},
{
"name": "http://tcc.hellcode.net/advisories/hellcode-adv005.txt",
"refsource": "MISC",
"url": "http://tcc.hellcode.net/advisories/hellcode-adv005.txt"
},
{
"name": "http://downloads.securityfocus.com/vulnerabilities/exploits/37042-2.pl",
"refsource": "MISC",
"url": "http://downloads.securityfocus.com/vulnerabilities/exploits/37042-2.pl"
},
{
"name": "http://tcc.hellcode.net/sploitz/httpstk.txt",
"refsource": "MISC",
"url": "http://tcc.hellcode.net/sploitz/httpstk.txt"
},
{
"name": "20091117 Hellcode Research: Novell eDirectory HTTPSTK Login Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507926/100/0/threaded"
},
{
"name": "1023188",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023188"
},
{
"name": "edirectory-httpstk-bo(54308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54308"
}
]
}
}

160
2009/4xxx/CVE-2009-4738.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the screen lock and execute commands with system privileges via unknown vectors related to \"launching external applications.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.justsystems.com/jp/info/js09003.html",
"refsource" : "CONFIRM",
"url" : "http://www.justsystems.com/jp/info/js09003.html"
},
{
"name" : "JVN#57040664",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN57040664/index.html"
},
{
"name" : "JVNDB-2009-000057",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000057.html"
},
{
"name" : "36220",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36220"
},
{
"name" : "36560",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36560"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the screen lock and execute commands with system privileges via unknown vectors related to \"launching external applications.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#57040664",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN57040664/index.html"
},
{
"name": "http://www.justsystems.com/jp/info/js09003.html",
"refsource": "CONFIRM",
"url": "http://www.justsystems.com/jp/info/js09003.html"
},
{
"name": "36220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36220"
},
{
"name": "JVNDB-2009-000057",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000057.html"
},
{
"name": "36560",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36560"
}
]
}
}

140
2009/4xxx/CVE-2009-4826.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4826",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4826",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "10444",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10444"
},
{
"name" : "37721",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37721"
},
{
"name" : "ADV-2009-3525",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3525"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in hosting/admin_ac.php in ScriptsEz Mini Hosting Panel allows remote attackers to hijack the authentication of administrators for requests that alter administrative settings via a cp action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37721",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37721"
},
{
"name": "ADV-2009-3525",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3525"
},
{
"name": "10444",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10444"
}
]
}
}

220
2012/2xxx/CVE-2012-2393.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-diameter.c?r1=42200&r2=42199&pathrev=42200",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-diameter.c?r1=42200&r2=42199&pathrev=42200"
},
{
"name" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42200",
"refsource" : "CONFIRM",
"url" : "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42200"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2012-09.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2012-09.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7138",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7138"
},
{
"name" : "MDVSA-2012:015",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:015"
},
{
"name" : "MDVSA-2012:042",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042"
},
{
"name" : "MDVSA-2012:080",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080"
},
{
"name" : "53652",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53652"
},
{
"name" : "oval:org.mitre.oval:def:15558",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15558"
},
{
"name" : "1027094",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027094"
},
{
"name" : "49226",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49226"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "epan/dissectors/packet-diameter.c in the DIAMETER dissector in Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 does not properly construct certain array data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet that triggers incorrect memory allocation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2012:015",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:015"
},
{
"name": "1027094",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027094"
},
{
"name": "MDVSA-2012:042",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:042"
},
{
"name": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42200",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc?view=revision&revision=42200"
},
{
"name": "53652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53652"
},
{
"name": "oval:org.mitre.oval:def:15558",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15558"
},
{
"name": "49226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49226"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7138",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7138"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2012-09.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2012-09.html"
},
{
"name": "MDVSA-2012:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:080"
},
{
"name": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-diameter.c?r1=42200&r2=42199&pathrev=42200",
"refsource": "CONFIRM",
"url": "http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-diameter.c?r1=42200&r2=42199&pathrev=42200"
}
]
}
}

34
2012/2xxx/CVE-2012-2467.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2467",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2467",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2015/0xxx/CVE-2015-0244.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0244",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0244",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2015/0xxx/CVE-2015-0425.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0425",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Enterprise Asset Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Siebel Core - Unix/Windows."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2015-0425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name" : "72185",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72185"
},
{
"name" : "1031578",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031578"
},
{
"name" : "oracle-cpujan2015-cve20150425(100120)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100120"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Enterprise Asset Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Siebel Core - Unix/Windows."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-cpujan2015-cve20150425(100120)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100120"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
},
{
"name": "72185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72185"
},
{
"name": "1031578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031578"
}
]
}
}

150
2015/0xxx/CVE-2015-0620.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0620",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37491",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37491"
},
{
"name" : "20150216 Cisco TelePresence Management Suite XML Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0620"
},
{
"name" : "1031753",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031753"
},
{
"name" : "cisco-telepresence-cve20150620-dos(100924)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100924"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) and earlier does not properly handle external entities, which allows remote authenticated users to cause a denial of service via POST requests, aka Bug ID CSCus51494."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cisco-telepresence-cve20150620-dos(100924)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100924"
},
{
"name": "1031753",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031753"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37491",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37491"
},
{
"name": "20150216 Cisco TelePresence Management Suite XML Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0620"
}
]
}
}

140
2015/0xxx/CVE-2015-0718.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20160302 Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack"
},
{
"name" : "1035159",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035159"
},
{
"name" : "1035160",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035160"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session, aka Bug ID CSCub70579."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1035159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035159"
},
{
"name": "20160302 Cisco NX-OS Software TCP Netstack Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160302-netstack"
},
{
"name": "1035160",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035160"
}
]
}
}

300
2015/1xxx/CVE-2015-1349.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1349",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1349",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.isc.org/article/AA-01235",
"refsource" : "CONFIRM",
"url" : "https://kb.isc.org/article/AA-01235"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0082.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0082.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1193820",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1193820"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10116",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10116"
},
{
"name" : "https://support.apple.com/HT205219",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205219"
},
{
"name" : "https://kb.juniper.net/JSA10783",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10783"
},
{
"name" : "APPLE-SA-2015-09-16-4",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name" : "FEDORA-2015-2543",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html"
},
{
"name" : "FEDORA-2015-2548",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html"
},
{
"name" : "GLSA-201510-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201510-01"
},
{
"name" : "HPSBUX03379",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143740940810833&w=2"
},
{
"name" : "SSRT101976",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143740940810833&w=2"
},
{
"name" : "MDVSA-2015:054",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:054"
},
{
"name" : "MDVSA-2015:165",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:165"
},
{
"name" : "RHSA-2015:0672",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0672.html"
},
{
"name" : "openSUSE-SU-2015:1326",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
},
{
"name" : "SUSE-SU-2015:1205",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html"
},
{
"name" : "openSUSE-SU-2015:1250",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
},
{
"name" : "USN-2503-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2503-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x before 9.10.1-P2, when DNSSEC validation and the managed-keys feature are enabled, allows remote attackers to cause a denial of service (assertion failure and daemon exit, or daemon crash) by triggering an incorrect trust-anchor management scenario in which no key is ready for use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:1326",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00050.html"
},
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0082.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0082.html"
},
{
"name": "MDVSA-2015:165",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:165"
},
{
"name": "https://kb.isc.org/article/AA-01235",
"refsource": "CONFIRM",
"url": "https://kb.isc.org/article/AA-01235"
},
{
"name": "SUSE-SU-2015:1205",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00013.html"
},
{
"name": "openSUSE-SU-2015:1250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-07/msg00038.html"
},
{
"name": "MDVSA-2015:054",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:054"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10116",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10116"
},
{
"name": "FEDORA-2015-2543",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150904.html"
},
{
"name": "GLSA-201510-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-01"
},
{
"name": "HPSBUX03379",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143740940810833&w=2"
},
{
"name": "SSRT101976",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143740940810833&w=2"
},
{
"name": "USN-2503-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2503-1"
},
{
"name": "FEDORA-2015-2548",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/150905.html"
},
{
"name": "APPLE-SA-2015-09-16-4",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html"
},
{
"name": "https://support.apple.com/HT205219",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205219"
},
{
"name": "RHSA-2015:0672",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0672.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1193820",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1193820"
}
]
}
}

140
2015/1xxx/CVE-2015-1512.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1512",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or the (2) order or (3) myorgs to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1512",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/130119/FancyFon-FAMOC-3.16.5-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130119/FancyFon-FAMOC-3.16.5-Cross-Site-Scripting.html"
},
{
"name" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2014-011.txt",
"refsource" : "MISC",
"url" : "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2014-011.txt"
},
{
"name" : "famoc-index-xss(100410)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100410"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC before 3.17.4 allow remote attackers to inject arbitrary web script or HTML via the (1) LoginForm[username] to ui/system/login or the (2) order or (3) myorgs to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2014-011.txt",
"refsource": "MISC",
"url": "https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2014-011.txt"
},
{
"name": "famoc-index-xss(100410)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100410"
},
{
"name": "http://packetstormsecurity.com/files/130119/FancyFon-FAMOC-3.16.5-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130119/FancyFon-FAMOC-3.16.5-Cross-Site-Scripting.html"
}
]
}
}

130
2015/1xxx/CVE-2015-1548.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/",
"refsource" : "MISC",
"url" : "http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/"
},
{
"name" : "73450",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73450"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "mini_httpd 1.21 and earlier allows remote attackers to obtain sensitive information from process memory via an HTTP request with a long protocol string, which triggers an incorrect response size calculation and an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "73450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73450"
},
{
"name": "http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/",
"refsource": "MISC",
"url": "http://itinsight.hu/en/posts/articles/2015-01-23-mini-httpd/"
}
]
}
}

330
2015/1xxx/CVE-2015-1798.json
View File

@ -1,167 +1,167 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1798",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1798",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://bugs.ntp.org/show_bug.cgi?id=2779",
"refsource" : "CONFIRM",
"url" : "http://bugs.ntp.org/show_bug.cgi?id=2779"
},
{
"name" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource" : "CONFIRM",
"url" : "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10114",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10114"
},
{
"name" : "http://support.apple.com/kb/HT204942",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT204942"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name" : "APPLE-SA-2015-06-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name" : "20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"name" : "20150408 Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38276"
},
{
"name" : "DSA-3223",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3223"
},
{
"name" : "FEDORA-2015-5761",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"name" : "FEDORA-2015-5874",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"name" : "GLSA-201509-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201509-01"
},
{
"name" : "HPSBUX03333",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143213867103400&w=2"
},
{
"name" : "SSRT102029",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143213867103400&w=2"
},
{
"name" : "MDVSA-2015:202",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"name" : "RHSA-2015:1459",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name" : "openSUSE-SU-2015:0775",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"name" : "USN-2567-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"name" : "VU#374268",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/374268"
},
{
"name" : "73951",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73951"
},
{
"name" : "1032032",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032032"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The symmetric-key feature in the receive function in ntp_proto.c in ntpd in NTP 4.x before 4.2.8p2 requires a correct MAC only if the MAC field has a nonzero length, which makes it easier for man-in-the-middle attackers to spoof packets by omitting the MAC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032032",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032032"
},
{
"name": "USN-2567-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2567-1"
},
{
"name": "VU#374268",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/374268"
},
{
"name": "SSRT102029",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143213867103400&w=2"
},
{
"name": "FEDORA-2015-5761",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155864.html"
},
{
"name": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities",
"refsource": "CONFIRM",
"url": "http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10114",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10114"
},
{
"name": "FEDORA-2015-5874",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155863.html"
},
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "openSUSE-SU-2015:0775",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00052.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "GLSA-201509-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201509-01"
},
{
"name": "20150408 Network Time Protocol Daemon MAC Checking Failure Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38276"
},
{
"name": "HPSBUX03333",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143213867103400&w=2"
},
{
"name": "MDVSA-2015:202",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:202"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "73951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73951"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
},
{
"name": "RHSA-2015:1459",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1459.html"
},
{
"name": "20150408 Multiple Vulnerabilities in ntpd (April 2015) Affecting Cisco Products",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150408-ntpd"
},
{
"name": "http://bugs.ntp.org/show_bug.cgi?id=2779",
"refsource": "CONFIRM",
"url": "http://bugs.ntp.org/show_bug.cgi?id=2779"
},
{
"name": "DSA-3223",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3223"
}
]
}
}

34
2015/1xxx/CVE-2015-1850.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1850",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1850",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2015/1xxx/CVE-2015-1985.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1985",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1985",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971445",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21971445"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows local users to bypass an intended password requirement and read private keys by leveraging the existence of a stash file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21971445",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21971445"
}
]
}
}

160
2015/5xxx/CVE-2015-5654.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5654",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-5654",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21975256",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
},
{
"name" : "JVN#13456571",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN13456571/index.html"
},
{
"name" : "JVNDB-2015-000153",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
},
{
"name" : "77026",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77026"
},
{
"name" : "1034848",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034848"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "77026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77026"
},
{
"name": "JVNDB-2015-000153",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000153"
},
{
"name": "JVN#13456571",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN13456571/index.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21975256"
},
{
"name": "1034848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034848"
}
]
}
}

140
2015/5xxx/CVE-2015-5687.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5687",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5687",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150827 AnchorCMS - PHP Object Injection (CVE-2015-5687) and More",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Aug/76"
},
{
"name" : "20150829 Re: AnchorCMS - PHP Object Injection (CVE-2015-5687) and More",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Aug/83"
},
{
"name" : "https://github.com/anchorcms/anchor-cms/pull/904",
"refsource" : "CONFIRM",
"url" : "https://github.com/anchorcms/anchor-cms/pull/904"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in a cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/anchorcms/anchor-cms/pull/904",
"refsource": "CONFIRM",
"url": "https://github.com/anchorcms/anchor-cms/pull/904"
},
{
"name": "20150827 AnchorCMS - PHP Object Injection (CVE-2015-5687) and More",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Aug/76"
},
{
"name": "20150829 Re: AnchorCMS - PHP Object Injection (CVE-2015-5687) and More",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Aug/83"
}
]
}
}

140
2018/11xxx/CVE-2018-11163.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 21 of 46)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}

150
2018/11xxx/CVE-2018-11688.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11688",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
},
{
"name" : "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jun/13"
},
{
"name" : "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
},
{
"name" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688",
"refsource" : "MISC",
"url" : "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ignite Realtime Openfire 3.7.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jun/13"
},
{
"name": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688",
"refsource": "MISC",
"url": "https://vulmon.com/vulnerabilitydetails?qid=CVE-2018-11688"
},
{
"name": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148057/Ignite-Realtime-Openfire-3.7.1-Cross-Site-Scripting.html"
},
{
"name": "20180605 Ignite Realtime Openfire Version 3.7.1 Reflected Cross Site Scripting (CVE-2018-11688)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/542060/100/0/threaded"
}
]
}
}

34
2018/3xxx/CVE-2018-3119.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3119",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3119",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3522.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3522",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3522",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/6xxx/CVE-2018-6059.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6059",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6059",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/7xxx/CVE-2018-7091.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"ID" : "CVE-2018-7091",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HPE XP P9000 Command View Advanced Edition Software (CVAE)",
"version" : {
"version_data" : [
{
"version_value" : "versions 7.0.0-00 to earlier than 8.60-00"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "open redirect"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7091",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE XP P9000 Command View Advanced Edition Software (CVAE)",
"version": {
"version_data": [
{
"version_value": "versions 7.0.0-00 to earlier than 8.60-00"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03859en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03859en_us"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HPE XP P9000 Command View Advanced Edition Software (CVAE) has open URL redirection vulnerability in versions 7.0.0-00 to earlier than 8.60-00 of DevMgr, TSMgr and RepMgr."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "open redirect"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03859en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbst03859en_us"
}
]
}
}

34
2018/7xxx/CVE-2018-7124.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7124",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7124",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/7xxx/CVE-2018-7198.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44144",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44144/"
},
{
"name" : "http://securitywarrior9.blogspot.com/2018/02/html-injection-october-cms.html",
"refsource" : "MISC",
"url" : "http://securitywarrior9.blogspot.com/2018/02/html-injection-october-cms.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44144",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44144/"
},
{
"name": "http://securitywarrior9.blogspot.com/2018/02/html-injection-october-cms.html",
"refsource": "MISC",
"url": "http://securitywarrior9.blogspot.com/2018/02/html-injection-october-cms.html"
}
]
}
}

34
2018/7xxx/CVE-2018-7258.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7258",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7258",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

218
2018/8xxx/CVE-2018-8281.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8281",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Excel Viewer",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Excel Viewer"
}
]
}
},
{
"product_name" : "Microsoft PowerPoint Viewer",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft PowerPoint Viewer"
}
]
}
},
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value" : "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value" : "2016 for Mac"
},
{
"version_value" : "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name" : "Microsoft Office Word Viewer",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft Office Word Viewer"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8281",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft Excel Viewer"
}
]
}
},
{
"product_name": "Microsoft PowerPoint Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint Viewer"
}
]
}
},
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
},
{
"version_value": "2016 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
}
]
}
},
{
"product_name": "Microsoft Office Word Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft Office Word Viewer"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281"
},
{
"name" : "104609",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104609"
},
{
"name" : "1041252",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka \"Microsoft Office Remote Code Execution Vulnerability.\" This affects Microsoft Excel Viewer, Microsoft PowerPoint Viewer, Microsoft Office, Microsoft Office Word Viewer."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041252",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041252"
},
{
"name": "104609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104609"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8281"
}
]
}
}

164
2018/8xxx/CVE-2018-8531.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8531",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8531",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hub Device Client SDK",
"version": {
"version_data": [
{
"version_value": "Azure IoT"
}
]
}
},
{
"product_name": "Azure IoT Edge",
"version": {
"version_data": [
{
"version_value": "Azure IoT Edge"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"product" : {
"product_data" : [
{
"product_name" : "Hub Device Client SDK",
"version" : {
"version_data" : [
{
"version_value" : "Azure IoT"
}
]
}
},
{
"product_name" : "Azure IoT Edge",
"version" : {
"version_data" : [
{
"version_value" : "Azure IoT Edge"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka \"Azure IoT Device Client SDK Memory Corruption Vulnerability.\" This affects Hub Device Client SDK, Azure IoT Edge."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that Azure IoT Hub Device Client SDK using MQTT protocol accesses objects in memory, aka \"Azure IoT Device Client SDK Memory Corruption Vulnerability.\" This affects Hub Device Client SDK, Azure IoT Edge."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
]
},
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8531",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8531"
},
{
"name" : "105472",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105472"
}
]
}
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105472",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105472"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8531",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8531"
}
]
}
}