"-Synchronized-Data."

CVE Team 2019-03-18 06:01:02 +00:00
parent a5590b6b1e
commit 70bb6a4f50
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4405 additions and 4405 deletions


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2338",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2338",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020612 Another small DoS on Mozilla <= 1.0 through pop3",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/276628"
},
{
"name" : "20020614 Another small DoS on Mozilla <= 1.0 through pop3",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/276946"
},
{
"name" : "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
"refsource" : "CONFIRM",
"url" : "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
},
{
"name" : "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
"refsource" : "CONFIRM",
"url" : "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name" : "MDKSA-2002:074",
"refsource" : "MANDRAKE",
"url" : "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name" : "5002",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5002"
},
{
"name" : "mozilla-netscape-pop3-dos(9343)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9343.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020614 Another small DoS on Mozilla <= 1.0 through pop3",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/276946"
},
{
"name": "20020612 Another small DoS on Mozilla <= 1.0 through pop3",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/276628"
},
{
"name": "MDKSA-2002:074",
"refsource": "MANDRAKE",
"url": "http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:074"
},
{
"name": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228",
"refsource": "CONFIRM",
"url": "http://bugzilla.mozilla.org/show_bug.cgi?id=144228"
},
{
"name": "5002",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5002"
},
{
"name": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html",
"refsource": "CONFIRM",
"url": "http://mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html"
},
{
"name": "mozilla-netscape-pop3-dos(9343)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9343.php"
}
]
}
}
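Review bot: The `reference_data` entries in this section come back in a different order (the `20020614` BUGTRAQ entry now precedes the `20020612` one, and `MDKSA-2002:074` moves ahead of the Bugzilla `CONFIRM` link), although no entry appears to be added or dropped. The same reshuffling shows up in the CVE-2005-0208, -0214, -0293, -0305, -0415, -0624, -1261, -1952 and -4009 sections, and the CVE-2005-0123 record also has its top-level keys reordered. Which side is old and which is new is inferred from the separator style (`" : "` versus `": "`), because the +/- markers are not shown. With 4405 additions and 4405 deletions of mostly ordering and spacing noise, a real change to a URL or an assigner is easy to miss in review. The sync tool should emit references and keys in one stable order, for example sorted by `refsource` then `name`, so that later syncs show only content changes.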


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0123",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-0123",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2005. Notes: none."
}
]
}
}


@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0208",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes \"an invalid memory access,\" a different vulnerability than CVE-2005-0473."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gaim.sourceforge.net/security/?id=12",
"refsource" : "CONFIRM",
"url" : "http://gaim.sourceforge.net/security/?id=12"
},
{
"name" : "CLA-2005:933",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933"
},
{
"name" : "FLSA:158543",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/426078/100/0/threaded"
},
{
"name" : "GLSA-200503-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-03.xml"
},
{
"name" : "MDKSA-2005:049",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:049"
},
{
"name" : "RHSA-2005:215",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-215.html"
},
{
"name" : "20050225 [USN-85-1] Gaim vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110935655500670&w=2"
},
{
"name" : "SUSE-SA:2005:036",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
},
{
"name" : "VU#795812",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/795812"
},
{
"name" : "12660",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12660"
},
{
"name" : "oval:org.mitre.oval:def:10477",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10477"
},
{
"name" : "14386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14386"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes \"an invalid memory access,\" a different vulnerability than CVE-2005-0473."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#795812",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/795812"
},
{
"name": "FLSA:158543",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/426078/100/0/threaded"
},
{
"name": "http://gaim.sourceforge.net/security/?id=12",
"refsource": "CONFIRM",
"url": "http://gaim.sourceforge.net/security/?id=12"
},
{
"name": "14386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14386"
},
{
"name": "oval:org.mitre.oval:def:10477",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10477"
},
{
"name": "GLSA-200503-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-03.xml"
},
{
"name": "20050225 [USN-85-1] Gaim vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110935655500670&w=2"
},
{
"name": "MDKSA-2005:049",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:049"
},
{
"name": "12660",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12660"
},
{
"name": "CLA-2005:933",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933"
},
{
"name": "RHSA-2005:215",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-215.html"
},
{
"name": "SUSE-SA:2005:036",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_36_sudo.html"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0214",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0214",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050107 Simple PHP Blog directory traversal vulnerability ",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110512850603989&w=2"
},
{
"name" : "20050107 Simple PHP Blog directory traversal vulnerability ",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0210.html"
},
{
"name" : "12193",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12193"
},
{
"name" : "sphp-dotdot-directory-traversal(18802)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "FULLDISC",
"name": "20050107 Simple PHP Blog directory traversal vulnerability",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0210.html"
},
{
"refsource": "BUGTRAQ",
"name": "20050107 Simple PHP Blog directory traversal vulnerability",
"url": "http://marc.info/?l=bugtraq&m=110512850603989&w=2"
},
{
"name": "sphp-dotdot-directory-traversal(18802)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18802"
},
{
"name": "12193",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12193"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0293",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the month parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050116 Minis directory traversal vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110599953704025&w=2"
},
{
"name" : "20050116 Minis directory traversal vulnerability",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030966.html"
},
{
"name" : "12279",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12279"
},
{
"name" : "1012911",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012911"
},
{
"name" : "13866",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13866"
},
{
"name" : "minis-month-directory-traversal(18928)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18928"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the month parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1012911",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012911"
},
{
"name": "20050116 Minis directory traversal vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030966.html"
},
{
"name": "13866",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13866"
},
{
"name": "minis-month-directory-traversal(18928)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18928"
},
{
"name": "20050116 Minis directory traversal vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110599953704025&w=2"
},
{
"name": "12279",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12279"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0305",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0305",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050120 God Admin Injection Vulnerability in Siteman 1.0.x,",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110627350616949&w=2"
},
{
"name" : "20050122 Siteman User Database Line Insertion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110643320814371&w=2"
},
{
"name" : "12304",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12304"
},
{
"name" : "13131",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/13131"
},
{
"name" : "1012951",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1012951"
},
{
"name" : "siteman-gain-access(18998)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18998"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1012951",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012951"
},
{
"name": "13131",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/13131"
},
{
"name": "20050120 God Admin Injection Vulnerability in Siteman 1.0.x,",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110627350616949&w=2"
},
{
"name": "12304",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12304"
},
{
"name": "siteman-gain-access(18998)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18998"
},
{
"name": "20050122 Siteman User Database Line Insertion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110643320814371&w=2"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0415",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0415",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=303465",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=303465"
},
{
"name" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1116935&group_id=37219&atid=419458",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/index.php?func=detail&aid=1116935&group_id=37219&atid=419458"
},
{
"name" : "emdros-mql-dos(19273)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19273"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "emdros-mql-dos(19273)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19273"
},
{
"name": "http://sourceforge.net/tracker/index.php?func=detail&aid=1116935&group_id=37219&atid=419458",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/index.php?func=detail&aid=1116935&group_id=37219&atid=419458"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=303465",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=303465"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0624",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050228 [USN-88-1] reportbug information disclosure",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110972153627388&w=2"
},
{
"name" : "https://bugzilla.ubuntu.com/show_bug.cgi?id=6600",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.ubuntu.com/show_bug.cgi?id=6600"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295407",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295407"
},
{
"name" : "14422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14422/"
},
{
"name" : "reportbug-file-world-readable(19504)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19504"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "reportbug before 2.62 creates the .reportbugrc configuration file with world-readable permissions, which allows local users to obtain email smarthost passwords."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295407",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=295407"
},
{
"name": "https://bugzilla.ubuntu.com/show_bug.cgi?id=6600",
"refsource": "CONFIRM",
"url": "https://bugzilla.ubuntu.com/show_bug.cgi?id=6600"
},
{
"name": "reportbug-file-world-readable(19504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19504"
},
{
"name": "20050228 [USN-88-1] reportbug information disclosure",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110972153627388&w=2"
},
{
"name": "14422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14422/"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1261",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1261",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://gaim.sourceforge.net/security/index.php?id=16",
"refsource" : "CONFIRM",
"url" : "http://gaim.sourceforge.net/security/index.php?id=16"
},
{
"name" : "FLSA:158543",
"refsource" : "FEDORA",
"url" : "http://www.securityfocus.com/archive/1/426078/100/0/threaded"
},
{
"name" : "RHSA-2005:429",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-429.html"
},
{
"name" : "RHSA-2005:432",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-432.html"
},
{
"name" : "13590",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13590"
},
{
"name" : "oval:org.mitre.oval:def:10725",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10725"
},
{
"name" : "ADV-2005-0519",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0519"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13590",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13590"
},
{
"name": "FLSA:158543",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/426078/100/0/threaded"
},
{
"name": "ADV-2005-0519",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0519"
},
{
"name": "http://gaim.sourceforge.net/security/index.php?id=16",
"refsource": "CONFIRM",
"url": "http://gaim.sourceforge.net/security/index.php?id=16"
},
{
"name": "RHSA-2005:429",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-429.html"
},
{
"name": "oval:org.mitre.oval:def:10725",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10725"
},
{
"name": "RHSA-2005:432",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-432.html"
}
]
}
}
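Review bot: `CVE_data_meta.ASSIGNER` for CVE-2005-1261 appears to change from `cve@mitre.org` to `secalert@redhat.com` in this section, which is a provenance change rather than formatting, and the commit title does not mention it. The old and new sides are inferred from the separator style (`" : "` on the first copy, `": "` on the second), because the +/- markers are not shown. A change of assigning CNA should be called out in the commit description, or committed separately from the whitespace normalisation, so that consumers who filter or trust records by assigner can audit it.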


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1952",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect directory depth count."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1952",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050611 Multiple vulnerabilities in Pico Server (pServ) v3.3",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111852830111316&w=2"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?group_id=59378&release_id=334036",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?group_id=59378&release_id=334036"
},
{
"name" : "15663",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15663"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect directory depth count."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15663"
},
{
"name": "20050611 Multiple vulnerabilities in Pico Server (pServ) v3.3",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111852830111316&w=2"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=59378&release_id=334036",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=59378&release_id=334036"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4009",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/calendar-express-2-sql-inj-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/calendar-express-2-sql-inj-vuln.html"
},
{
"name" : "21402",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21402"
},
{
"name" : "21403",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21403"
},
{
"name" : "21405",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21405"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PHP Lite Calendar Express 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cid and (2) catid parameters to (a) day.php, (b) week.php, (c) month.php, and (d) year.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://pridels0.blogspot.com/2005/11/calendar-express-2-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/calendar-express-2-sql-inj-vuln.html"
},
{
"name": "21403",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21403"
},
{
"name": "21405",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21405"
},
{
"name": "21402",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21402"
}
]
}
}


@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4169",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4169",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051125 eFiction <= 2.0 multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html"
},
{
"name" : "http://rgod.altervista.org/efiction2_xpl.html",
"refsource" : "MISC",
"url" : "http://rgod.altervista.org/efiction2_xpl.html"
},
{
"name" : "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555",
"refsource" : "CONFIRM",
"url" : "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555"
},
{
"name" : "15568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15568"
},
{
"name" : "ADV-2005-2606",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2606"
},
{
"name" : "21119",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21119"
},
{
"name" : "21121",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21121"
},
{
"name" : "1015273",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015273"
},
{
"name" : "17777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17777"
},
{
"name" : "efiction-multiple-scripts-sql-injection(23373)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23373"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "efiction-multiple-scripts-sql-injection(23373)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23373"
},
{
"name": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555",
"refsource": "CONFIRM",
"url": "http://www.efiction.wallflowergirl.com/forums/viewtopic.php?t=1555"
},
{
"name": "15568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15568"
},
{
"name": "ADV-2005-2606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2606"
},
{
"name": "http://rgod.altervista.org/efiction2_xpl.html",
"refsource": "MISC",
"url": "http://rgod.altervista.org/efiction2_xpl.html"
},
{
"name": "17777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17777"
},
{
"name": "1015273",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015273"
},
{
"name": "21121",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21121"
},
{
"name": "20051125 eFiction <= 2.0 multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html"
},
{
"name": "21119",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21119"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4395",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the criteria parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4395",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/farcry-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/farcry-xss-vuln.html"
},
{
"name" : "15946",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15946"
},
{
"name" : "ADV-2005-2986",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2986"
},
{
"name" : "21826",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21826"
},
{
"name" : "18129",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the criteria parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2986",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2986"
},
{
"name": "15946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15946"
},
{
"name": "http://pridels0.blogspot.com/2005/12/farcry-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/farcry-xss-vuln.html"
},
{
"name": "21826",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21826"
},
{
"name": "18129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18129"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4505",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted \"Program Files\" path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051222 Privilege escalation in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5)",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420104/100/0/threaded"
},
{
"name" : "http://reedarvin.thearvins.com/20051222-01.html",
"refsource" : "MISC",
"url" : "http://reedarvin.thearvins.com/20051222-01.html"
},
{
"name" : "16040",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16040"
},
{
"name" : "ADV-2005-3077",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3077"
},
{
"name" : "1015404",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015404"
},
{
"name" : "292",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/292"
},
{
"name" : "mcafee-naprdmgr-privilege-escalation(23815)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23815"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious \"program.exe\" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted \"Program Files\" path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://reedarvin.thearvins.com/20051222-01.html",
"refsource": "MISC",
"url": "http://reedarvin.thearvins.com/20051222-01.html"
},
{
"name": "20051222 Privilege escalation in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420104/100/0/threaded"
},
{
"name": "mcafee-naprdmgr-privilege-escalation(23815)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23815"
},
{
"name": "ADV-2005-3077",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3077"
},
{
"name": "1015404",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015404"
},
{
"name": "292",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/292"
},
{
"name": "16040",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16040"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051230 Secunia Research: TUGZip ARJ Archive Handling Buffer OverflowVulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420538/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2005-63/advisory/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2005-63/advisory/"
},
{
"name" : "16084",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16084"
},
{
"name" : "22120",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22120"
},
{
"name" : "17086",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17086"
},
{
"name" : "309",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/309"
},
{
"name" : "tugzip-arj-bo(23915)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23915"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tugzip-arj-bo(23915)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23915"
},
{
"name": "309",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/309"
},
{
"name": "http://secunia.com/secunia_research/2005-63/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2005-63/advisory/"
},
{
"name": "20051230 Secunia Research: TUGZip ARJ Archive Handling Buffer OverflowVulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420538/100/0/threaded"
},
{
"name": "16084",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16084"
},
{
"name": "22120",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22120"
},
{
"name": "17086",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17086"
}
]
}
}


@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4719",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html"
},
{
"name" : "21320",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21320"
},
{
"name" : "21321",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21321"
},
{
"name" : "21322",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21322"
},
{
"name" : "21323",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21323"
},
{
"name" : "21324",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21324"
},
{
"name" : "21325",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21325"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21325",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21325"
},
{
"name": "21321",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21321"
},
{
"name": "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/systems-panel-v10x-multiple-sql-inj.html"
},
{
"name": "21320",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21320"
},
{
"name": "21322",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21322"
},
{
"name": "21323",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21323"
},
{
"name": "21324",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21324"
}
]
}
}


@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0234",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger \"unnecessary lookups,\" aka \"DNS Server Response Validation Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-0234",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx",
"refsource" : "CONFIRM",
"url" : "http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm"
},
{
"name" : "MS09-008",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-008"
},
{
"name" : "TA09-069A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-069A.html"
},
{
"name" : "VU#319331",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/319331"
},
{
"name" : "33988",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33988"
},
{
"name" : "52518",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52518"
},
{
"name" : "oval:org.mitre.oval:def:5715",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5715"
},
{
"name" : "1021831",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021831"
},
{
"name" : "34217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34217"
},
{
"name" : "ADV-2009-0661",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger \"unnecessary lookups,\" aka \"DNS Server Response Validation Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-069A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-069A.html"
},
{
"name": "ADV-2009-0661",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0661"
},
{
"name": "34217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34217"
},
{
"name": "VU#319331",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/319331"
},
{
"name": "52518",
"refsource": "OSVDB",
"url": "http://osvdb.org/52518"
},
{
"name": "oval:org.mitre.oval:def:5715",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5715"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-083.htm"
},
{
"name": "33988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33988"
},
{
"name": "MS09-008",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-008"
},
{
"name": "1021831",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021831"
},
{
"name": "http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx",
"refsource": "CONFIRM",
"url": "http://blogs.technet.com/srd/archive/2009/03/13/ms09-008-dns-and-wins-server-security-update-in-more-detail.aspx"
}
]
}
}
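Review bot: The `ASSIGNER` value in `CVE_data_meta` for CVE-2009-0234 differs between the two copies in this section (`cve@mitre.org` in the spaced-colon copy, `secure@microsoft.com` in the compact copy), so this is a content change inside a sync that, in the other visible sections, only alters whitespace, key order and the order of `reference_data`. Assuming the compact copy is the new side, the CNA attribution of the record changes, and any consumer that filters or trusts records by `ASSIGNER` will see a different result after this commit. The commit title gives no hint of it; a description line such as `CVE-2009-0234: ASSIGNER changed to secure@microsoft.com` would make the change auditable. A check on sync commits that compares the parsed JSON of both sides and reports records whose values differ, rather than only their formatting, would surface cases like this one.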


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0242",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path that does not exist, which causes Ganglia to (1) perform excessive CPU computation and (2) send the entire tree, which consumes network bandwidth. NOTE: the vendor and original researcher have disputed this issue, since legitimate requests can generate the same amount of resource consumption. CVE concurs with the dispute, so this identifier should not be used."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2009-0242",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path that does not exist, which causes Ganglia to (1) perform excessive CPU computation and (2) send the entire tree, which consumes network bandwidth. NOTE: the vendor and original researcher have disputed this issue, since legitimate requests can generate the same amount of resource consumption. CVE concurs with the dispute, so this identifier should not be used."
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=481560",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=481560"
},
{
"name" : "MDVSA-2009:059",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:059"
},
{
"name" : "33444",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33444"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in the Python module in xchat allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=481560",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=481560"
},
{
"name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
},
{
"name": "33444",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33444"
},
{
"name": "MDVSA-2009:059",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:059"
}
]
}
}


@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0713",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA02412",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638"
},
{
"name" : "SSRT080040",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638"
},
{
"name" : "HPSBMA02413",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=123688841217193&w=2"
},
{
"name" : "34078",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34078"
},
{
"name" : "52591",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52591"
},
{
"name" : "1021836",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021836"
},
{
"name" : "34276",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34276"
},
{
"name" : "ADV-2009-0671",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager before 2.5.2.0 allows remote attackers to obtain sensitive information via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBMA02413",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123688841217193&w=2"
},
{
"name": "1021836",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021836"
},
{
"name": "SSRT080040",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638"
},
{
"name": "34078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34078"
},
{
"name": "34276",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34276"
},
{
"name": "HPSBMA02412",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01655638"
},
{
"name": "ADV-2009-0671",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0671"
},
{
"name": "52591",
"refsource": "OSVDB",
"url": "http://osvdb.org/52591"
}
]
}
}


@ -1,202 +1,202 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1105",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1105",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "http://support.apple.com/kb/HT4171",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4171"
},
{
"name" : "APPLE-SA-2010-05-18-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name" : "GLSA-200911-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name" : "HPSBMA02429",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name" : "SSRT090058",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name" : "HPSBUX02429",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2"
},
{
"name" : "RHSA-2009:0392",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name" : "RHSA-2009:1038",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
},
{
"name" : "RHSA-2009:1198",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
},
{
"name" : "254611",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
},
{
"name" : "SUSE-SA:2009:016",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name" : "SUSE-SA:2009:036",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
},
{
"name" : "34240",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34240"
},
{
"name" : "oval:org.mitre.oval:def:6642",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
},
{
"name" : "1021920",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021920"
},
{
"name" : "34496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34496"
},
{
"name" : "35156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35156"
},
{
"name" : "35255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35255"
},
{
"name" : "36185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36185"
},
{
"name" : "37386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37386"
},
{
"name" : "37460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37460"
},
{
"name" : "39819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39819"
},
{
"name" : "ADV-2009-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name" : "ADV-2010-1191",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1191"
},
{
"name" : "jre-plugin-weak-security(49458)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2009:036",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
},
{
"name": "APPLE-SA-2010-05-18-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"
},
{
"name": "SSRT090058",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name": "35156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35156"
},
{
"name": "39819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39819"
},
{
"name": "37460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37460"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "RHSA-2009:1038",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
},
{
"name": "RHSA-2009:1198",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "HPSBUX02429",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2"
},
{
"name": "oval:org.mitre.oval:def:6642",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6642"
},
{
"name": "36185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36185"
},
{
"name": "35255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35255"
},
{
"name": "ADV-2009-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "RHSA-2009:0392",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name": "34240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34240"
},
{
"name": "34496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34496"
},
{
"name": "1021920",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021920"
},
{
"name": "HPSBMA02429",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name": "254611",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254611-1"
},
{
"name": "http://support.apple.com/kb/HT4171",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4171"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name": "jre-plugin-weak-security(49458)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49458"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "SUSE-SA:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name": "ADV-2010-1191",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1191"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}
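Review bot: The new side lists the same 29 `reference_data` entries as the old side but in a different, apparently arbitrary order (`SUSE-SA:2009:036` is now first, the BUGTRAQ entry sixteenth), so together with the colon-spacing change the whole file is rewritten with no visible content change. Emitting references in a stable order, for example sorted by `refsource` and then `name`, would keep later syncs down to the lines that actually changed and make a real edit easy to spot in review. The same reordering appears in the sections for CVE-2009-1119, CVE-2009-1290, CVE-2009-4440, CVE-2009-4498, CVE-2009-4607, CVE-2009-4671 and CVE-2009-4736. Old and new sides are inferred from the spacing style, since the `+`/`-` markers are not shown on this page.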


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1119",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2009-1119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090409 FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502575/100/0/threaded"
},
{
"name" : "http://www.fortiguardcenter.com/advisory/FGA-2009-13.html",
"refsource" : "MISC",
"url" : "http://www.fortiguardcenter.com/advisory/FGA-2009-13.html"
},
{
"name" : "34449",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34449"
},
{
"name" : "1022026",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022026"
},
{
"name" : "34699",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34699"
},
{
"name" : "ADV-2009-1018",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 and 6.3 before SP2 allow remote attackers to execute arbitrary code via a crafted message to (1) ctrlservice.exe or (2) rep_srv.exe, possibly related to an integer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.fortiguardcenter.com/advisory/FGA-2009-13.html",
"refsource": "MISC",
"url": "http://www.fortiguardcenter.com/advisory/FGA-2009-13.html"
},
{
"name": "34449",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34449"
},
{
"name": "ADV-2009-1018",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1018"
},
{
"name": "1022026",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022026"
},
{
"name": "20090409 FGA-2009-003:EMC RepliStor Buffer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502575/100/0/threaded"
},
{
"name": "34699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34699"
}
]
}
}
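Review bot: `ASSIGNER` goes from `cve@mitre.org` to `security_alert@emc.com` in this record, and it is the only value that changes; every other difference in the section is colon spacing or the order of `reference_data`. The commit title does not mention a re-attribution, so it is worth confirming against the upstream CVE-2009-1119 record before merging and calling it out in the description, e.g. `CVE-2009-1119: ASSIGNER updated to security_alert@emc.com`. Anything downstream that filters or groups records by assigner will treat this entry differently after the sync. Which side is old is inferred from the spacing style, as the `+`/`-` markers are lost on this page.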


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1290",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1290",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name" : "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource" : "MISC",
"url" : "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
},
{
"name" : "34447",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34447"
},
{
"name" : "53660",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/53660"
},
{
"name" : "1022025",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022025"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration interface in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to hijack the authentication of administrators, as demonstrated by a power-off request to the private/blade_power_action script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090409 IBM BladeCenter Advanced Management Module Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502582/100/0/threaded"
},
{
"name": "34447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34447"
},
{
"name": "1022025",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022025"
},
{
"name": "53660",
"refsource": "OSVDB",
"url": "http://osvdb.org/53660"
},
{
"name": "http://www.louhinetworks.fi/advisory/ibm_090409.txt",
"refsource": "MISC",
"url": "http://www.louhinetworks.fi/advisory/ibm_090409.txt"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4440",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to \"long binds,\" aka Bug Ids 6828462 and 6823593."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1",
"refsource" : "CONFIRM",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1"
},
{
"name" : "270789",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1"
},
{
"name" : "37481",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37481"
},
{
"name" : "1023389",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023389"
},
{
"name" : "37915",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37915"
},
{
"name" : "ADV-2009-3647",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3647"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to \"long binds,\" aka Bug Ids 6828462 and 6823593."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3647",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3647"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1",
"refsource": "CONFIRM",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-141958-01-1"
},
{
"name": "37481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37481"
},
{
"name": "1023389",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023389"
},
{
"name": "270789",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-270789-1"
},
{
"name": "37915",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37915"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4498",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091213 Zabbix Server : Multiple remote vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508436/30/60/threaded"
},
{
"name" : "[oss-security] 20100402 RE: CVE Request -- Zabbix v1.8.2 and v.1.6.9",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2010/04/02/1"
},
{
"name" : "https://support.zabbix.com/browse/ZBX-1030",
"refsource" : "CONFIRM",
"url" : "https://support.zabbix.com/browse/ZBX-1030"
},
{
"name" : "37740",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37740"
},
{
"name" : "ADV-2009-3514",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20091213 Zabbix Server : Multiple remote vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508436/30/60/threaded"
},
{
"name": "https://support.zabbix.com/browse/ZBX-1030",
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-1030"
},
{
"name": "[oss-security] 20100402 RE: CVE Request -- Zabbix v1.8.2 and v.1.6.9",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2010/04/02/1"
},
{
"name": "37740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37740"
},
{
"name": "ADV-2009-3514",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3514"
}
]
}
}


@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4607",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the \"less\" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the \"!\" character within less to access a privileged shell."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4607",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091020 Overland Guardian OS CLI command line bug - let you get uid 0 shell",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507318/100/0/threaded"
},
{
"name" : "http://www.juniper.net/security/auto/vulnerabilities/vuln36739.html",
"refsource" : "MISC",
"url" : "http://www.juniper.net/security/auto/vulnerabilities/vuln36739.html"
},
{
"name" : "36739",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36739"
},
{
"name" : "snapserver-less-priv-escalation(53881)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53881"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The command line interface in Overland Storage Snap Server 410 with GuardianOS 5.1.041 runs the \"less\" utility with a higher-privileged uid than the CLI user and without sufficient restriction on shell escapes, which allows local users to gain privileges using the \"!\" character within less to access a privileged shell."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36739",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36739"
},
{
"name": "snapserver-less-priv-escalation(53881)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53881"
},
{
"name": "http://www.juniper.net/security/auto/vulnerabilities/vuln36739.html",
"refsource": "MISC",
"url": "http://www.juniper.net/security/auto/vulnerabilities/vuln36739.html"
},
{
"name": "20091020 Overland Guardian OS CLI command line bug - let you get uid 0 shell",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507318/100/0/threaded"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4658",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4658",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9717",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9717"
},
{
"name" : "xerver-admin-dos(53351)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53351"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xerver 4.32 allows remote authenticated users to cause a denial of service (daemon crash) via a non-numeric web port assignment in the management interface. NOTE: this can be leveraged by non-authenticated attackers using CVE-2009-4657."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9717",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9717"
},
{
"name": "xerver-admin-dos(53351)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53351"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4671",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4671",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8797",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8797"
},
{
"name" : "35237",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35237"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35237",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35237"
},
{
"name": "8797",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8797"
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4736",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4736",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0607-exploits/newangels-11.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0607-exploits/newangels-11.txt"
},
{
"name" : "10766",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10766"
},
{
"name" : "18880",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/18880"
},
{
"name" : "61380",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/61380"
},
{
"name" : "37992",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37992"
},
{
"name" : "commonsense-search-xss(55158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55158"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18880",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18880"
},
{
"name": "37992",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37992"
},
{
"name": "http://packetstormsecurity.org/0607-exploits/newangels-11.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0607-exploits/newangels-11.txt"
},
{
"name": "61380",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61380"
},
{
"name": "10766",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10766"
},
{
"name": "commonsense-search-xss(55158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55158"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4890",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the login application in vBook 4.2.17 allow remote attackers to inject arbitrary web script or HTML via the (1) title and (2) message parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090309 DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501603/100/0/threaded"
},
{
"name" : "34046",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34046"
},
{
"name" : "vbook-title-message-xss(49161)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49161"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the login application in vBook 4.2.17 allow remote attackers to inject arbitrary web script or HTML via the (1) title and (2) message parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vbook-title-message-xss(49161)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49161"
},
{
"name": "20090309 DDIVRT-2009-21 vBook Login Application Cross-site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501603/100/0/threaded"
},
{
"name": "34046",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34046"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5073",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested group that contains the Distinguished Name (DN) of its parent entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5073",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg24029672",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg24029672"
},
{
"name" : "IO10802",
"refsource" : "AIXAPAR",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg1IO10802"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka 6.0.0.8-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) by adding a nested group that contains the Distinguished Name (DN) of its parent entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IO10802",
"refsource": "AIXAPAR",
"url": "http://www.ibm.com/support/docview.wss?uid=swg1IO10802"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg24029672",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg24029672"
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the \"Match username attribute to Remote username\" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120511 CVE request: mahara",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/11/9"
},
{
"name" : "[oss-security] 20120512 Re: CVE request: mahara",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/05/12/4"
},
{
"name" : "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea",
"refsource" : "CONFIRM",
"url" : "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea"
},
{
"name" : "https://bugs.launchpad.net/mahara/+bug/932909",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/mahara/+bug/932909"
},
{
"name" : "DSA-2467",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2467"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the \"Match username attribute to Remote username\" option to false, which allows remote SAML IdP servers to spoof users of other SAML IdP servers by using the same internal username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/mahara/+bug/932909",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/mahara/+bug/932909"
},
{
"name": "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea",
"refsource": "CONFIRM",
"url": "http://gitorious.org/mahara/mahara/commit/f07be6020e70fa8f53cd77fdcd63e7fd7ff8aaea"
},
{
"name": "DSA-2467",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2467"
},
{
"name": "[oss-security] 20120511 CVE request: mahara",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/11/9"
},
{
"name": "[oss-security] 20120512 Re: CVE request: mahara",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/05/12/4"
}
]
}
}
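Review bot: The `ASSIGNER` value in this record (CVE-2012-2351) appears to change from `cve@mitre.org` to `secalert@redhat.com` inside what is otherwise a spacing and reference-order normalisation, and the commit message does not mention it. The `+`/`-` markers are lost on this page, so the direction is inferred from the `" : "` versus `": "` key style and the print order. The same kind of change shows in the CVE-2012-3599 (`product-security@apple.com`) and CVE-2012-6007 (`psirt@cisco.com`) sections. Consumers that attribute or filter records by assigning CNA see a real data change here, so it would be easier to audit if the reattribution were its own commit or named in the description, e.g. `Reassign ASSIGNER to owning CNA for CVE-2012-2351, CVE-2012-3599, CVE-2012-6007`.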


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2761",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2761",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5400",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5400"
},
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5503",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5503"
},
{
"name" : "APPLE-SA-2012-07-25-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple Safari before 6.0, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-07-25-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "APPLE-SA-2012-09-19-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html"
},
{
"name": "http://support.apple.com/kb/HT5503",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5503"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "APPLE-SA-2012-07-25-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Jul/msg00000.html"
},
{
"name": "http://support.apple.com/kb/HT5400",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5400"
}
]
}
}


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2012/mfsa2012-70.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2012/mfsa2012-70.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=770429",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=770429"
},
{
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
},
{
"name" : "DSA-2553",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2553"
},
{
"name" : "DSA-2556",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2556"
},
{
"name" : "DSA-2554",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2554"
},
{
"name" : "RHSA-2012:1211",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1211.html"
},
{
"name" : "RHSA-2012:1210",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1210.html"
},
{
"name" : "SUSE-SU-2012:1167",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html"
},
{
"name" : "openSUSE-SU-2012:1065",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html"
},
{
"name" : "SUSE-SU-2012:1157",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html"
},
{
"name" : "USN-1548-2",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1548-2"
},
{
"name" : "USN-1548-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1548-1"
},
{
"name" : "55306",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55306"
},
{
"name" : "oval:org.mitre.oval:def:16923",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16923"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The nsLocation::CheckURL function in Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 does not properly follow the security model of the location object, which allows remote attackers to bypass intended content-loading restrictions or possibly have unspecified other impact via vectors involving chrome code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=770429",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=770429"
},
{
"name": "DSA-2556",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2556"
},
{
"name": "http://www.mozilla.org/security/announce/2012/mfsa2012-70.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2012/mfsa2012-70.html"
},
{
"name": "oval:org.mitre.oval:def:16923",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16923"
},
{
"name": "RHSA-2012:1211",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1211.html"
},
{
"name": "DSA-2553",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2553"
},
{
"name": "USN-1548-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1548-1"
},
{
"name": "USN-1548-2",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1548-2"
},
{
"name": "55306",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55306"
},
{
"name": "RHSA-2012:1210",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1210.html"
},
{
"name": "SUSE-SU-2012:1167",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00014.html"
},
{
"name": "DSA-2554",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2554"
},
{
"name": "SUSE-SU-2012:1157",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00011.html"
},
{
"name": "openSUSE-SU-2012:1065",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00028.html"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6007",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-6007",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html",
"refsource" : "MISC",
"url" : "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in screens/base/web_auth_custom.html on Cisco Wireless LAN Controller (WLC) devices with software 7.2.110.0 allows remote authenticated users to inject arbitrary web script or HTML via the headline parameter, aka Bug ID CSCud65187, a different vulnerability than CVE-2012-5992."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html",
"refsource": "MISC",
"url": "http://infosec42.blogspot.dk/2012/12/cisco-wlc-csrf-dos-and-persistent-xss.html"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6234",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6234",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6331",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6331",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1051",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1051",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.drupal.org/node/2403351",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2403351"
},
{
"name" : "https://www.drupal.org/node/2402779",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2402779"
},
{
"name" : "FEDORA-2015-0717",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148782.html"
},
{
"name" : "FEDORA-2015-0726",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148800.html"
},
{
"name" : "71925",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71925"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Context UI module in the Context module 7.x-3.x before 7.x-3.6 for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the destination parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2015-0726",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148800.html"
},
{
"name": "71925",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71925"
},
{
"name": "https://www.drupal.org/node/2402779",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2402779"
},
{
"name": "https://www.drupal.org/node/2403351",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2403351"
},
{
"name": "FEDORA-2015-0717",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148782.html"
}
]
}
}


@ -1,247 +1,247 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5307",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20151110 Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/11/10/6"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource" : "CONFIRM",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed"
},
{
"name" : "http://xenbits.xen.org/xsa/advisory-156.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-156.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1277172",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1277172"
},
{
"name" : "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource" : "CONFIRM",
"url" : "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "http://support.citrix.com/article/CTX202583",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX202583"
},
{
"name" : "https://kb.juniper.net/JSA10783",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10783"
},
{
"name" : "DSA-3396",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3396"
},
{
"name" : "DSA-3454",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3454"
},
{
"name" : "DSA-3414",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3414"
},
{
"name" : "FEDORA-2015-394835a3f6",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"
},
{
"name" : "FEDORA-2015-668d213dc3",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"
},
{
"name" : "FEDORA-2015-f150b2a8c8",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"
},
{
"name" : "RHSA-2016:0046",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0046.html"
},
{
"name" : "RHSA-2015:2636",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
},
{
"name" : "RHSA-2015:2645",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2645.html"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "SUSE-SU-2016:0354",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
},
{
"name" : "SUSE-SU-2015:2108",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
},
{
"name" : "SUSE-SU-2015:2194",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
},
{
"name" : "SUSE-SU-2015:2339",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
},
{
"name" : "SUSE-SU-2015:2350",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
},
{
"name" : "openSUSE-SU-2015:2232",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"
},
{
"name" : "openSUSE-SU-2015:2250",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"
},
{
"name" : "USN-2800-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2800-1"
},
{
"name" : "USN-2801-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2801-1"
},
{
"name" : "USN-2802-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2802-1"
},
{
"name" : "USN-2803-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2803-1"
},
{
"name" : "USN-2804-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2804-1"
},
{
"name" : "USN-2805-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2805-1"
},
{
"name" : "USN-2806-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2806-1"
},
{
"name" : "USN-2807-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2807-1"
},
{
"name" : "77528",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77528"
},
{
"name" : "1034105",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034105"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:2636",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2636.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"
},
{
"name": "FEDORA-2015-f150b2a8c8",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172187.html"
},
{
"name": "SUSE-SU-2015:2350",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
},
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
},
{
"name": "DSA-3454",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3454"
},
{
"name": "[oss-security] 20151110 Re: CVE-2015-5307 kernel: kvm: guest to host DoS by triggering an infinite loop in microcode via #AC exception",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/11/10/6"
},
{
"name": "RHSA-2015:2645",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2645.html"
},
{
"name": "USN-2802-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2802-1"
},
{
"name": "openSUSE-SU-2015:2250",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00053.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "USN-2806-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2806-1"
},
{
"name": "SUSE-SU-2015:2194",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54a20552e1eae07aa240fa370a0293e006b5faed"
},
{
"name": "openSUSE-SU-2015:2232",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00039.html"
},
{
"name": "USN-2805-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2805-1"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-156.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-156.html"
},
{
"name": "SUSE-SU-2016:0354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
},
{
"name": "FEDORA-2015-668d213dc3",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172300.html"
},
{
"name": "USN-2807-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2807-1"
},
{
"name": "SUSE-SU-2015:2339",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
},
{
"name": "SUSE-SU-2015:2108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
},
{
"name": "USN-2801-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2801-1"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "FEDORA-2015-394835a3f6",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172435.html"
},
{
"name": "DSA-3414",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3414"
},
{
"name": "http://support.citrix.com/article/CTX202583",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX202583"
},
{
"name": "USN-2800-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2800-1"
},
{
"name": "1034105",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034105"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name": "USN-2804-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2804-1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1277172"
},
{
"name": "RHSA-2016:0046",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0046.html"
},
{
"name": "DSA-3396",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3396"
},
{
"name": "77528",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77528"
},
{
"name": "USN-2803-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2803-1"
},
{
"name": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/54a20552e1eae07aa240fa370a0293e006b5faed"
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"refsource" : "CONFIRM",
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
},
{
"name" : "RHSA-2016:0070",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name" : "RHSA-2016:0489",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0489.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the slave overview page in Jenkins before 1.638 and LTS before 1.625.2 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the slave offline status message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0489",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"
},
{
"name": "RHSA-2016:0070",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
]
}
}
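Review bot: The CVE-2015-5326 record still carries `"product_name": "n/a"`, `"vendor_name": "n/a"` and a problemtype value of `"n/a"` on what appears to be the new side, although its description names Jenkins before 1.638 and LTS before 1.625.2 and a cross-site scripting flaw. Tooling that matches on the affects block or on problemtype will not find this record, so consumers have to fall back to parsing the description text. The sync appears to change the ASSIGNER to `secalert@redhat.com` and reorder the references while leaving these fields unpopulated; I would fill them from the description, for example `"product_name": "Jenkins"` and `"value": "CWE-79"`. The same placeholder values remain in the CVE-2015-5619, CVE-2015-5682, CVE-2015-5714, CVE-2018-11738, CVE-2018-11750 and CVE-2018-15518 records further down this page.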


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5619",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150821 Logstash vulnerability CVE-2015-5619",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536294/100/0/threaded"
},
{
"name" : "20151106 CVE-2015-5619",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/536858/100/0/threaded"
},
{
"name" : "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html"
},
{
"name" : "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released",
"refsource" : "CONFIRM",
"url" : "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released"
},
{
"name" : "76455",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76455"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "76455",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76455"
},
{
"name": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released",
"refsource": "CONFIRM",
"url": "https://www.elastic.co/blog/logstash-1-5-4-and-1-4-5-released"
},
{
"name": "20150821 Logstash vulnerability CVE-2015-5619",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536294/100/0/threaded"
},
{
"name": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133269/Logstash-1.5.3-Man-In-The-Middle.html"
},
{
"name": "20151106 CVE-2015-5619",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536858/100/0/threaded"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150727 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/27/8"
},
{
"name" : "http://www.vapid.dhs.org/advisory.php?v=132",
"refsource" : "MISC",
"url" : "http://www.vapid.dhs.org/advisory.php?v=132"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows remote attackers to create arbitrary directories via vectors related to the targetDir variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.vapid.dhs.org/advisory.php?v=132",
"refsource": "MISC",
"url": "http://www.vapid.dhs.org/advisory.php?v=132"
},
{
"name": "[oss-security] 20150727 Re: Remote file upload vulnerability & SQLi in wordpress plugin wp-powerplaygallery v3.3",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/27/8"
}
]
}
}


@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wpvulndb.com/vulnerabilities/8186",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8186"
},
{
"name" : "https://codex.wordpress.org/Version_4.3.1",
"refsource" : "CONFIRM",
"url" : "https://codex.wordpress.org/Version_4.3.1"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8",
"refsource" : "CONFIRM",
"url" : "https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2015-5714",
"refsource" : "CONFIRM",
"url" : "https://security-tracker.debian.org/tracker/CVE-2015-5714"
},
{
"name" : "https://wordpress.org/news/2015/09/wordpress-4-3-1/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2015/09/wordpress-4-3-1/"
},
{
"name" : "DSA-3375",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3375"
},
{
"name" : "DSA-3383",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3383"
},
{
"name" : "76745",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76745"
},
{
"name" : "1033979",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033979"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wpvulndb.com/vulnerabilities/8186",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8186"
},
{
"name": "https://codex.wordpress.org/Version_4.3.1",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.3.1"
},
{
"name": "DSA-3375",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3375"
},
{
"name": "https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8"
},
{
"name": "https://wordpress.org/news/2015/09/wordpress-4-3-1/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2015/09/wordpress-4-3-1/"
},
{
"name": "1033979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033979"
},
{
"name": "DSA-3383",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3383"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2015-5714",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2015-5714"
},
{
"name": "76745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76745"
}
]
}
}


@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2017-08-28T00:00:00",
"ID" : "CVE-2017-2821",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Perceptive Document Filters ",
"version" : {
"version_data" : [
{
"version_value" : "11.3.0.2400 - x86"
},
{
"version_value" : "11.4.0.2452 - x86"
}
]
}
}
]
},
"vendor_name" : "Lexmark"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "direct code execution"
}
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2017-08-28T00:00:00",
"ID": "CVE-2017-2821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Perceptive Document Filters ",
"version": {
"version_data": [
{
"version_value": "11.3.0.2400 - x86"
},
{
"version_value": "11.4.0.2452 - x86"
}
]
}
}
]
},
"vendor_name": "Lexmark"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0322",
"refsource" : "MISC",
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0322"
},
{
"name" : "100510",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100510"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable use-after-free exists in the PDF parsing functionality of Lexmark Perspective Document Filters 11.3.0.2400 and 11.4.0.2452. A crafted PDF document can lead to a use-after-free resulting in direct code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "direct code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0322",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0322"
},
{
"name": "100510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100510"
}
]
}
}


@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11278",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Over-read in Video"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11278",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=6c7dbdb2f067bf844beef2c41d9d67cacc3adfa6",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=6c7dbdb2f067bf844beef2c41d9d67cacc3adfa6"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read in Video"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=6c7dbdb2f067bf844beef2c41d9d67cacc3adfa6",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/hardware/qcom/media/commit/?id=6c7dbdb2f067bf844beef2c41d9d67cacc3adfa6"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/sleuthkit/sleuthkit/issues/1265",
"refsource" : "MISC",
"url" : "https://github.com/sleuthkit/sleuthkit/issues/1265"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs.c which could be leveraged by an attacker to disclose information or manipulated to read from unmapped memory causing a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sleuthkit/sleuthkit/issues/1265",
"refsource": "MISC",
"url": "https://github.com/sleuthkit/sleuthkit/issues/1265"
}
]
}
}


@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@puppet.com",
"ID" : "CVE-2018-11750",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2018-11750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://puppet.com/security/cve/CVE-2018-11750",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/CVE-2018-11750"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Previous releases of the Puppet cisco_ios module did not validate a host's identity before starting a SSH connection. As of the 0.4.0 release of cisco_ios, host key checking is enabled by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/CVE-2018-11750",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/CVE-2018-11750"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11810",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11810",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15518",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15518",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html"
},
{
"name" : "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
"refsource" : "CONFIRM",
"url" : "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/"
},
{
"name" : "https://codereview.qt-project.org/#/c/236691/",
"refsource" : "CONFIRM",
"url" : "https://codereview.qt-project.org/#/c/236691/"
},
{
"name" : "DSA-4374",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2019/dsa-4374"
},
{
"name" : "openSUSE-SU-2018:4261",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4374",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4374"
},
{
"name": "https://codereview.qt-project.org/#/c/236691/",
"refsource": "CONFIRM",
"url": "https://codereview.qt-project.org/#/c/236691/"
},
{
"name": "openSUSE-SU-2018:4261",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2018-12/msg00066.html"
},
{
"name": "[debian-lts-announce] 20190103 [SECURITY] [DLA 1627-1] qtbase-opensource-src security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00004.html"
},
{
"name": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/",
"refsource": "CONFIRM",
"url": "https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/"
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3386",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3386",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3448",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3448",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3768",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000539. Reason: This candidate is a reservation duplicate of CVE-2018-1000539. Notes: All CVE users should reference CVE-2018-1000539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-3768",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-1000539. Reason: This candidate is a reservation duplicate of CVE-2018-1000539. Notes: All CVE users should reference CVE-2018-1000539 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
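Review bot: The new side of this record emits its top-level keys as `data_type`, `data_format`, `data_version`, `CVE_data_meta`, and puts `ID` ahead of `ASSIGNER`, while every other record visible in this commit keeps them sorted (`CVE_data_meta` first, `ASSIGNER` before `ID`). Key order carries no meaning in JSON, but anything that hashes, signs or diffs these files byte-for-byte will see churn whenever the serializer's order drifts. I would write this record through the same sorted-key serializer as the rest, so it opens with `"CVE_data_meta": {` followed by `"ASSIGNER": "cve@mitre.org",` and then `"ID": "CVE-2018-3768",`.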


@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8318",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8318",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}


@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Web Customizations",
"version" : {
"version_data" : [
{
"version_value" : "Active Directory Federation Services"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka \"Open Source Customization for Active Directory Federation Services XSS Vulnerability.\" This affects Web Customizations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Spoofing"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Web Customizations",
"version": {
"version_data": [
{
"version_value": "Active Directory Federation Services"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8326",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8326"
},
{
"name" : "104656",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104656"
},
{
"name" : "1041266",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041266"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka \"Open Source Customization for Active Directory Federation Services XSS Vulnerability.\" This affects Web Customizations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8326",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8326"
},
{
"name": "1041266",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041266"
},
{
"name": "104656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104656"
}
]
}
}
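Review bot: The `problemtype` entry on the new side still reads `"value": "Spoofing"`, while the description in the same record calls the flaw a cross-site-scripting (XSS) vulnerability caused by a request that is not properly sanitized. The label is presumably the vendor's impact category rather than a weakness class, so consumers that triage or filter on `problemtype` will not find this record under XSS. If the assigner's data permits it, the field should name the weakness, for example `"value": "CWE-79"`. Otherwise downstream tooling should classify this record from the description text rather than from `problemtype` alone.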


@ -1,183 +1,183 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Windows Hyper-V Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8434",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8434"
},
{
"name" : "105239",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105239"
},
{
"name" : "1041624",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Windows Hyper-V on a host operating system fails to properly validate input from an authenticated user on a guest operating system, aka \"Windows Hyper-V Information Disclosure Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8434",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8434"
},
{
"name": "105239",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105239"
},
{
"name": "1041624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041624"
}
]
}
}
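Review bot: The `ASSIGNER` value changes from `Secure@Microsoft.com` to `secure@microsoft.com` in this record and in the CVE-2018-8326 record above, which is a value change inside a commit that otherwise only touches whitespace and ordering. A consumer that attributes records to a CNA, or allow-lists trusted assigners, by exact case-sensitive string match would treat the lowercased address as a different assigner. The commit description should mention the normalization, and downstream matching on this field should compare case-insensitively.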


@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8777",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
},
{
"name" : "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
},
{
"name" : "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"name" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/",
"refsource" : "CONFIRM",
"url" : "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
},
{
"name" : "DSA-4259",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4259"
},
{
"name" : "RHSA-2018:3729",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"name" : "RHSA-2018:3730",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name" : "RHSA-2018:3731",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"name" : "USN-3685-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3685-1/"
},
{
"name" : "103683",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103683"
},
{
"name" : "1042004",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042004"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x before 2.5.1, and 2.6.0-preview1, an attacker can pass a large HTTP request with a crafted header to WEBrick server or a crafted body to WEBrick server/handler and cause a denial of service (memory consumption)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/"
},
{
"name": "USN-3685-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3685-1/"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-5-1-released/"
},
{
"name": "103683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103683"
},
{
"name": "RHSA-2018:3729",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3729"
},
{
"name": "1042004",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042004"
},
{
"name": "RHSA-2018:3730",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3730"
},
{
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1358-1] ruby1.9.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00023.html"
},
{
"name": "RHSA-2018:3731",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3731"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-3-7-released/"
},
{
"name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1421-1] ruby2.1 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00012.html"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-4-4-released/"
},
{
"name": "DSA-4259",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4259"
},
{
"name": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/",
"refsource": "CONFIRM",
"url": "https://www.ruby-lang.org/en/news/2018/03/28/ruby-2-2-10-released/"
},
{
"name": "[debian-lts-announce] 20180423 [SECURITY] [DLA 1359-1] ruby1.8 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00024.html"
}
]
}
}