admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:41:47 +00:00
parent ba23df8a3c
commit 72a68d6467
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3944 additions and 3944 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2002/0xxx/CVE-2002-0027.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the \"Frame Domain Verification\" vulnerability described in MS:MS01-058/CAN-2001-0874."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/246522"
},
{
"name" : "MS02-005",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005"
},
{
"name" : "3721",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/3721"
},
{
"name" : "3031",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/3031"
},
{
"name" : "oval:org.mitre.oval:def:974",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the \"Frame Domain Verification\" vulnerability described in MS:MS01-058/CAN-2001-0874."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3031",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3031"
},
{
"name": "20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/246522"
},
{
"name": "3721",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3721"
},
{
"name": "oval:org.mitre.oval:def:974",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974"
},
{
"name": "MS02-005",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005"
}
]
}
}

140
2002/2xxx/CVE-2002-2396.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2396",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.netric.org/advisories/netric-adv010.txt",
"refsource" : "MISC",
"url" : "http://www.netric.org/advisories/netric-adv010.txt"
},
{
"name" : "5760",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5760"
},
{
"name" : "atftp-strcpy-bo(10142)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10142.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.netric.org/advisories/netric-adv010.txt",
"refsource": "MISC",
"url": "http://www.netric.org/advisories/netric-adv010.txt"
},
{
"name": "5760",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5760"
},
{
"name": "atftp-strcpy-bo(10142)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10142.php"
}
]
}
}

180
2005/0xxx/CVE-2005-0325.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050130 Broadcast crash in Xpand Rally 1.0.0.0",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110720064811485&w=2"
},
{
"name" : "20050130 Broadcast crash in Xpand Rally 1.0.0.0",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031336.html"
},
{
"name" : "http://aluigi.altervista.org/adv/xprallyboom-adv.txt",
"refsource" : "MISC",
"url" : "http://aluigi.altervista.org/adv/xprallyboom-adv.txt"
},
{
"name" : "12409",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12409"
},
{
"name" : "1013043",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013043"
},
{
"name" : "14073",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14073"
},
{
"name" : "xpand-rally-memory-dos(19150)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12409",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12409"
},
{
"name": "xpand-rally-memory-dos(19150)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19150"
},
{
"name": "1013043",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013043"
},
{
"name": "14073",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14073"
},
{
"name": "http://aluigi.altervista.org/adv/xprallyboom-adv.txt",
"refsource": "MISC",
"url": "http://aluigi.altervista.org/adv/xprallyboom-adv.txt"
},
{
"name": "20050130 Broadcast crash in Xpand Rally 1.0.0.0",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031336.html"
},
{
"name": "20050130 Broadcast crash in Xpand Rally 1.0.0.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110720064811485&w=2"
}
]
}
}

130
2005/0xxx/CVE-2005-0327.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0327",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0327",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050131 [PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 Final",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110720365923818&w=2"
},
{
"name" : "pafiledb-login-file-include(19176)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "pafiledb-login-file-include(19176)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19176"
},
{
"name": "20050131 [PersianHacker.net] Full Path Disclosure and PHP Injection In Pafiledb 3.1 Final",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110720365923818&w=2"
}
]
}
}

120
2005/0xxx/CVE-2005-0613.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0613",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0613",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12676",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12676"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12676",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12676"
}
]
}
}

140
2005/0xxx/CVE-2005-0742.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0742",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "200314",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200314-1"
},
{
"name" : "12775",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12775"
},
{
"name" : "57742",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12775",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12775"
},
{
"name": "57742",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-57742-1"
},
{
"name": "200314",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-200314-1"
}
]
}
}

120
2005/0xxx/CVE-2005-0834.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0834",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0834",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "12846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12846"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12846"
}
]
}
}

150
2005/0xxx/CVE-2005-0877.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0877",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0877",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG",
"refsource" : "CONFIRM",
"url" : "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name" : "12897",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12897"
},
{
"name" : "14691",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14691"
},
{
"name" : "dnsmasq-dns-cache-poisoning(19826)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dnsmasq-dns-cache-poisoning(19826)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19826"
},
{
"name": "14691",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14691"
},
{
"name": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG",
"refsource": "CONFIRM",
"url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
},
{
"name": "12897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12897"
}
]
}
}

120
2005/0xxx/CVE-2005-0911.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0911",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0911",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1013566",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013566"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in exoops may allow remote attackers to execute arbitrary SQL commands via (1) the viewcat parameter to index.php or (2) the artid parameter in the viewarticle action for index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013566",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013566"
}
]
}
}

200
2005/1xxx/CVE-2005-1519.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1519",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-1519",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query",
"refsource" : "CONFIRM",
"url" : "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
},
{
"name" : "DSA-751",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-751"
},
{
"name" : "FEDORA-2005-373",
"refsource" : "FEDORA",
"url" : "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name" : "FLSA-2006:152809",
"refsource" : "FEDORA",
"url" : "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name" : "RHSA-2005:489",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name" : "13592",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13592"
},
{
"name" : "oval:org.mitre.oval:def:9976",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"name" : "ADV-2005-0521",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0521"
},
{
"name" : "15294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15294"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13592",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13592"
},
{
"name": "oval:org.mitre.oval:def:9976",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9976"
},
{
"name": "FEDORA-2005-373",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html"
},
{
"name": "15294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15294"
},
{
"name": "FLSA-2006:152809",
"refsource": "FEDORA",
"url": "http://fedoranews.org/updates/FEDORA--.shtml"
},
{
"name": "DSA-751",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-751"
},
{
"name": "RHSA-2005:489",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-489.html"
},
{
"name": "ADV-2005-0521",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0521"
},
{
"name": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query",
"refsource": "CONFIRM",
"url": "http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE9-dns_query"
}
]
}
}

250
2005/1xxx/CVE-2005-1924.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1924",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1924",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070711 SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=329"
},
{
"name" : "20070711 SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=331"
},
{
"name" : "20070711 SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/473370/100/0/threaded"
},
{
"name" : "4173",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/4173"
},
{
"name" : "GLSA-200708-08",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200708-08.xml"
},
{
"name" : "20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln",
"refsource" : "VIM",
"url" : "http://www.attrition.org/pipermail/vim/2007-July/001710.html"
},
{
"name" : "24874",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/24874"
},
{
"name" : "37923",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37923"
},
{
"name" : "37924",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/37924"
},
{
"name" : "ADV-2007-2513",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2513"
},
{
"name" : "26035",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26035"
},
{
"name" : "26424",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26424"
},
{
"name" : "squirrelmail-gpgp-keyring-command-execution(35355)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35355"
},
{
"name" : "squirrelmail-gpgp-keyfunc-command-execution(35364)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/35364"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php. NOTE: this issue may overlap CVE-2007-3636."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "squirrelmail-gpgp-keyfunc-command-execution(35364)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35364"
},
{
"name": "26035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26035"
},
{
"name": "26424",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26424"
},
{
"name": "37924",
"refsource": "OSVDB",
"url": "http://osvdb.org/37924"
},
{
"name": "24874",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24874"
},
{
"name": "20070711 SquirrelMail G/PGP Plugin gpg_recv_key() Command Injection Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=331"
},
{
"name": "4173",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4173"
},
{
"name": "squirrelmail-gpgp-keyring-command-execution(35355)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35355"
},
{
"name": "ADV-2007-2513",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2513"
},
{
"name": "37923",
"refsource": "OSVDB",
"url": "http://osvdb.org/37923"
},
{
"name": "GLSA-200708-08",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-08.xml"
},
{
"name": "20070711 SquirrelMail G/PGP Plugin deleteKey() Command Injection Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=329"
},
{
"name": "20070711 True: SquirrelMail G/PGP Encryption Plug-in 2.0 Command Execution Vuln",
"refsource": "VIM",
"url": "http://www.attrition.org/pipermail/vim/2007-July/001710.html"
},
{
"name": "20070711 SquirrelMail G/PGP Encryption Plug-in Remote Command Execution Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473370/100/0/threaded"
}
]
}
}

160
2005/1xxx/CVE-2005-1944.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1944",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1944",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050609 xmysqladmin insecure temporary file creation",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111833993822553&w=2"
},
{
"name" : "http://www.zataz.net/adviso/xmysqladmin-05292005.txt",
"refsource" : "MISC",
"url" : "http://www.zataz.net/adviso/xmysqladmin-05292005.txt"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=93792",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=93792"
},
{
"name" : "1014172",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014172"
},
{
"name" : "15635",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15635"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xmysqladmin 1.0 and earlier allows local users to delete arbitrary files via a symlink attack on a database backup file in /tmp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050609 xmysqladmin insecure temporary file creation",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111833993822553&w=2"
},
{
"name": "1014172",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014172"
},
{
"name": "http://www.zataz.net/adviso/xmysqladmin-05292005.txt",
"refsource": "MISC",
"url": "http://www.zataz.net/adviso/xmysqladmin-05292005.txt"
},
{
"name": "15635",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15635"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=93792",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=93792"
}
]
}
}

160
2005/4xxx/CVE-2005-4292.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4292",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/commercesql-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/commercesql-xss-vuln.html"
},
{
"name" : "15888",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15888"
},
{
"name" : "ADV-2005-2920",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2920"
},
{
"name" : "21717",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21717"
},
{
"name" : "17932",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17932"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keywords parameter in the Quick Find feature."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21717",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21717"
},
{
"name": "ADV-2005-2920",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2920"
},
{
"name": "17932",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17932"
},
{
"name": "15888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15888"
},
{
"name": "http://pridels0.blogspot.com/2005/12/commercesql-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/commercesql-xss-vuln.html"
}
]
}
}

170
2005/4xxx/CVE-2005-4581.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4581",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051223 Electric Sheep window-id stack overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/420160/100/0/threaded"
},
{
"name" : "http://electricsheep.org/release_notes.html",
"refsource" : "MISC",
"url" : "http://electricsheep.org/release_notes.html"
},
{
"name" : "http://draves.org/HyperNews/get.cgi/flame/1478.html",
"refsource" : "CONFIRM",
"url" : "http://draves.org/HyperNews/get.cgi/flame/1478.html"
},
{
"name" : "http://draves.org/HyperNews/get.cgi/flame/1478/1.html",
"refsource" : "CONFIRM",
"url" : "http://draves.org/HyperNews/get.cgi/flame/1478/1.html"
},
{
"name" : "http://electricsheep.org/index.cgi?&menu=talk",
"refsource" : "CONFIRM",
"url" : "http://electricsheep.org/index.cgi?&menu=talk"
},
{
"name" : "electric-sheep-windowid-bo(23893)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23893"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter. NOTE: because the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://draves.org/HyperNews/get.cgi/flame/1478.html",
"refsource": "CONFIRM",
"url": "http://draves.org/HyperNews/get.cgi/flame/1478.html"
},
{
"name": "http://electricsheep.org/index.cgi?&menu=talk",
"refsource": "CONFIRM",
"url": "http://electricsheep.org/index.cgi?&menu=talk"
},
{
"name": "electric-sheep-windowid-bo(23893)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23893"
},
{
"name": "http://draves.org/HyperNews/get.cgi/flame/1478/1.html",
"refsource": "CONFIRM",
"url": "http://draves.org/HyperNews/get.cgi/flame/1478/1.html"
},
{
"name": "20051223 Electric Sheep window-id stack overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420160/100/0/threaded"
},
{
"name": "http://electricsheep.org/release_notes.html",
"refsource": "MISC",
"url": "http://electricsheep.org/release_notes.html"
}
]
}
}

190
2009/0xxx/CVE-2009-0207.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0207",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBUX02409",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=123792744311063&w=2"
},
{
"name" : "SSRT080171",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=123792744311063&w=2"
},
{
"name" : "34226",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34226"
},
{
"name" : "oval:org.mitre.oval:def:6352",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6352"
},
{
"name" : "1021891",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021891"
},
{
"name" : "34419",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34419"
},
{
"name" : "ADV-2009-0823",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0823"
},
{
"name" : "hpux-veritas-unspecified-priv-escalation(49403)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49403"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk Manager (VRTSodm) 3.5, B.11.23 running VRTSodm 4.1 or VERITAS File System (VRTSvxfs) 4.1, B.11.23 running VRTSodm 5.0 or VRTSvxfs 5.0, and B.11.31 running VRTSodm 5.0 allows local users to gain root privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34226",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34226"
},
{
"name": "34419",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34419"
},
{
"name": "HPSBUX02409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123792744311063&w=2"
},
{
"name": "ADV-2009-0823",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0823"
},
{
"name": "hpux-veritas-unspecified-priv-escalation(49403)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49403"
},
{
"name": "1021891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021891"
},
{
"name": "SSRT080171",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=123792744311063&w=2"
},
{
"name": "oval:org.mitre.oval:def:6352",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6352"
}
]
}
}

220
2009/0xxx/CVE-2009-0316.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0316",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0316",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
"refsource" : "MLIST",
"url" : "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
},
{
"name" : "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/01/26/2"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305",
"refsource" : "MISC",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=481565",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
},
{
"name" : "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045",
"refsource" : "CONFIRM",
"url" : "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "MDVSA-2009:047",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
},
{
"name" : "33447",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33447"
},
{
"name" : "vim-pysyssetargv-privilege-escalation(48275)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=493937"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=484305"
},
{
"name": "33447",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33447"
},
{
"name": "[oss-security] 20090126 CVE request -- Python < 2.6 PySys_SetArgv issues (epiphany, csound, dia, eog, gedit, xchat, vim, nautilus-python, Gnumeric)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/01/26/2"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "[debian-bugs-rc] 20080805 Bug#484305: bicyclerepair: bike.vim imports untrusted python files from cwd",
"refsource": "MLIST",
"url": "http://www.nabble.com/Bug-484305%3A-bicyclerepair%3A-bike.vim-imports-untrusted-python-files-from-cwd-td18848099.html"
},
{
"name": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045",
"refsource": "CONFIRM",
"url": "https://svn.pardus.org.tr/pardus/2008/applications/editors/vim/files/official/7.2.045"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "MDVSA-2009:047",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:047"
},
{
"name": "vim-pysyssetargv-privilege-escalation(48275)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48275"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=481565",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=481565"
}
]
}
}

180
2009/0xxx/CVE-2009-0391.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PK72036",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK72036"
},
{
"name" : "PK79232",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK79232"
},
{
"name" : "33533",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33533"
},
{
"name" : "ADV-2009-0423",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0423"
},
{
"name" : "51663",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51663"
},
{
"name" : "1021658",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021658"
},
{
"name" : "33729",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33729"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.0.1 on z/OS allows attackers to read arbitrary files via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1021658",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021658"
},
{
"name": "PK79232",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK79232"
},
{
"name": "33533",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33533"
},
{
"name": "PK72036",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK72036"
},
{
"name": "33729",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33729"
},
{
"name": "ADV-2009-0423",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0423"
},
{
"name": "51663",
"refsource": "OSVDB",
"url": "http://osvdb.org/51663"
}
]
}
}

130
2009/0xxx/CVE-2009-0488.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.phorum.org/phorum5/read.php?64,136129",
"refsource" : "CONFIRM",
"url" : "http://www.phorum.org/phorum5/read.php?64,136129"
},
{
"name" : "33657",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33657"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33657"
},
{
"name": "http://www.phorum.org/phorum5/read.php?64,136129",
"refsource": "CONFIRM",
"url": "http://www.phorum.org/phorum5/read.php?64,136129"
}
]
}
}

210
2009/0xxx/CVE-2009-0601.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0601",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0601",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090312 rPSA-2009-0040-1 tshark wireshark",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501763/100/0/threaded"
},
{
"name" : "http://www.wireshark.org/security/wnpa-sec-2009-01.html",
"refsource" : "CONFIRM",
"url" : "http://www.wireshark.org/security/wnpa-sec-2009-01.html"
},
{
"name" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150",
"refsource" : "CONFIRM",
"url" : "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0040",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0040"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2984",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2984"
},
{
"name" : "SUSE-SR:2009:005",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name" : "33690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33690"
},
{
"name" : "34264",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34264"
},
{
"name" : "ADV-2009-0370",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0370"
},
{
"name" : "1021697",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090312 rPSA-2009-0040-1 tshark wireshark",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501763/100/0/threaded"
},
{
"name": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150",
"refsource": "CONFIRM",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150"
},
{
"name": "33690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33690"
},
{
"name": "SUSE-SR:2009:005",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
},
{
"name": "1021697",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021697"
},
{
"name": "https://issues.rpath.com/browse/RPL-2984",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2984"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0040",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0040"
},
{
"name": "ADV-2009-0370",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0370"
},
{
"name": "http://www.wireshark.org/security/wnpa-sec-2009-01.html",
"refsource": "CONFIRM",
"url": "http://www.wireshark.org/security/wnpa-sec-2009-01.html"
},
{
"name": "34264",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34264"
}
]
}
}

490
2009/0xxx/CVE-2009-0776.json
View File

@ -1,247 +1,247 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0776",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0776",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-09.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-09.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=414540",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=414540"
},
{
"name" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm"
},
{
"name" : "DSA-1751",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1751"
},
{
"name" : "DSA-1830",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1830"
},
{
"name" : "FEDORA-2009-2882",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html"
},
{
"name" : "FEDORA-2009-2884",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html"
},
{
"name" : "FEDORA-2009-3101",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"name" : "MDVSA-2009:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075"
},
{
"name" : "MDVSA-2009:083",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083"
},
{
"name" : "RHSA-2009:0258",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0258.html"
},
{
"name" : "RHSA-2009:0315",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0315.html"
},
{
"name" : "RHSA-2009:0325",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0325.html"
},
{
"name" : "SSA:2009-083-02",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420"
},
{
"name" : "SSA:2009-083-03",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952"
},
{
"name" : "SUSE-SA:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html"
},
{
"name" : "SUSE-SA:2009:023",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html"
},
{
"name" : "USN-741-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/741-1/"
},
{
"name" : "33990",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33990"
},
{
"name" : "oval:org.mitre.oval:def:5956",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5956"
},
{
"name" : "oval:org.mitre.oval:def:6017",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6017"
},
{
"name" : "oval:org.mitre.oval:def:6191",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6191"
},
{
"name" : "oval:org.mitre.oval:def:7390",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7390"
},
{
"name" : "oval:org.mitre.oval:def:9241",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9241"
},
{
"name" : "1021797",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021797"
},
{
"name" : "34145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34145"
},
{
"name" : "34272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34272"
},
{
"name" : "34387",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34387"
},
{
"name" : "34383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34383"
},
{
"name" : "34324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34324"
},
{
"name" : "34417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34417"
},
{
"name" : "34462",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34462"
},
{
"name" : "34464",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34464"
},
{
"name" : "34527",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34527"
},
{
"name" : "34137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34137"
},
{
"name" : "34140",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34140"
},
{
"name" : "ADV-2009-0632",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to bypass the same-origin policy and read XML data from another domain via a cross-domain redirect."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:0315",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0315.html"
},
{
"name": "SUSE-SA:2009:023",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html"
},
{
"name": "SUSE-SA:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html"
},
{
"name": "DSA-1830",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1830"
},
{
"name": "oval:org.mitre.oval:def:6191",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6191"
},
{
"name": "ADV-2009-0632",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0632"
},
{
"name": "FEDORA-2009-3101",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg01077.html"
},
{
"name": "oval:org.mitre.oval:def:9241",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9241"
},
{
"name": "DSA-1751",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1751"
},
{
"name": "SSA:2009-083-02",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420"
},
{
"name": "RHSA-2009:0325",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0325.html"
},
{
"name": "oval:org.mitre.oval:def:6017",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6017"
},
{
"name": "RHSA-2009:0258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0258.html"
},
{
"name": "34140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34140"
},
{
"name": "oval:org.mitre.oval:def:7390",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7390"
},
{
"name": "MDVSA-2009:083",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083"
},
{
"name": "34464",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34464"
},
{
"name": "34272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34272"
},
{
"name": "34417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34417"
},
{
"name": "oval:org.mitre.oval:def:5956",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5956"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=414540",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=414540"
},
{
"name": "34527",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34527"
},
{
"name": "34145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34145"
},
{
"name": "FEDORA-2009-2882",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html"
},
{
"name": "FEDORA-2009-2884",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html"
},
{
"name": "SSA:2009-083-03",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952"
},
{
"name": "34137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34137"
},
{
"name": "34462",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34462"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm"
},
{
"name": "USN-741-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/741-1/"
},
{
"name": "34324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34324"
},
{
"name": "MDVSA-2009:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075"
},
{
"name": "1021797",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021797"
},
{
"name": "33990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33990"
},
{
"name": "34383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34383"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-09.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-09.html"
},
{
"name": "34387",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34387"
},
{
"name": "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document"
}
]
}
}

170
2009/1xxx/CVE-2009-1024.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1024",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8216",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8216"
},
{
"name" : "34129",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34129"
},
{
"name" : "52778",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52778"
},
{
"name" : "34323",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34323"
},
{
"name" : "ADV-2009-0733",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0733"
},
{
"name" : "phplinkadmin-edlink-sql-injection(49265)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49265"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 allow remote attackers to execute arbitrary SQL commands via the linkid parameter to edlink.php, and unspecified other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phplinkadmin-edlink-sql-injection(49265)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49265"
},
{
"name": "ADV-2009-0733",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0733"
},
{
"name": "52778",
"refsource": "OSVDB",
"url": "http://osvdb.org/52778"
},
{
"name": "8216",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8216"
},
{
"name": "34129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34129"
},
{
"name": "34323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34323"
}
]
}
}

190
2009/1xxx/CVE-2009-1286.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1286",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1286",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21379894",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21379894"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21379915",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21379915"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21381562",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21381562"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21381566",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21381566"
},
{
"name" : "34441",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34441"
},
{
"name" : "1022024",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022024"
},
{
"name" : "34657",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34657"
},
{
"name" : "ADV-2009-0986",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0986"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0986",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0986"
},
{
"name": "34441",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34441"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21381566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381566"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21379894",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379894"
},
{
"name": "1022024",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022024"
},
{
"name": "34657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34657"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21379915",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21379915"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21381562",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21381562"
}
]
}
}

150
2009/1xxx/CVE-2009-1621.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1621",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1621",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20140529 OpenCart 1.5.6.4 Directory Traversal Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/532233/100/0/threaded"
},
{
"name" : "8539",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8539"
},
{
"name" : "34724",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34724"
},
{
"name" : "34313",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34313"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8539",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8539"
},
{
"name": "34724",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34724"
},
{
"name": "20140529 OpenCart 1.5.6.4 Directory Traversal Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/532233/100/0/threaded"
},
{
"name": "34313",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34313"
}
]
}
}

180
2009/1xxx/CVE-2009-1738.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1738",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in \"aggregator items.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1738",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/453098",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/453098"
},
{
"name" : "http://drupal.org/node/461706",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/461706"
},
{
"name" : "34953",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34953"
},
{
"name" : "54429",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/54429"
},
{
"name" : "35044",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35044"
},
{
"name" : "ADV-2009-1319",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1319"
},
{
"name" : "feedblock-unspecified-xss(50521)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50521"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with administrator feed permissions to inject arbitrary web script or HTML via unspecified vectors in \"aggregator items.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/453098",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/453098"
},
{
"name": "54429",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/54429"
},
{
"name": "35044",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35044"
},
{
"name": "ADV-2009-1319",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1319"
},
{
"name": "http://drupal.org/node/461706",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/461706"
},
{
"name": "34953",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34953"
},
{
"name": "feedblock-unspecified-xss(50521)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50521"
}
]
}
}

130
2009/4xxx/CVE-2009-4200.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4200",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8867",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/8867"
},
{
"name" : "35192",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35192"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Seminar (com_seminar) component 1.28 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a View_seminar action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8867",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8867"
},
{
"name": "35192",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35192"
}
]
}
}

250
2009/4xxx/CVE-2009-4310.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4310",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4310",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091208 ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508335/100/0/threaded"
},
{
"name" : "http://zerodayinitiative.com/advisories/ZDI-09-090/",
"refsource" : "MISC",
"url" : "http://zerodayinitiative.com/advisories/ZDI-09-090/"
},
{
"name" : "http://www.microsoft.com/technet/security/advisory/954157.mspx",
"refsource" : "CONFIRM",
"url" : "http://www.microsoft.com/technet/security/advisory/954157.mspx"
},
{
"name" : "954157",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/954157"
},
{
"name" : "955759",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/955759"
},
{
"name" : "976138",
"refsource" : "MSKB",
"url" : "http://support.microsoft.com/kb/976138"
},
{
"name" : "37251",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37251"
},
{
"name" : "60856",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/60856"
},
{
"name" : "oval:org.mitre.oval:def:11596",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596"
},
{
"name" : "1023302",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023302"
},
{
"name" : "37592",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37592"
},
{
"name" : "ADV-2009-3440",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3440"
},
{
"name" : "ms-ie-content-code-execution(54645)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645"
},
{
"name" : "ms-ie-indeo41-codec-bo(54643)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54643"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "955759",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/955759"
},
{
"name": "1023302",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023302"
},
{
"name": "37251",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37251"
},
{
"name": "60856",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/60856"
},
{
"name": "http://www.microsoft.com/technet/security/advisory/954157.mspx",
"refsource": "CONFIRM",
"url": "http://www.microsoft.com/technet/security/advisory/954157.mspx"
},
{
"name": "oval:org.mitre.oval:def:11596",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11596"
},
{
"name": "976138",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/976138"
},
{
"name": "ms-ie-indeo41-codec-bo(54643)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54643"
},
{
"name": "ADV-2009-3440",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3440"
},
{
"name": "954157",
"refsource": "MSKB",
"url": "http://support.microsoft.com/kb/954157"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-09-090/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-09-090/"
},
{
"name": "ms-ie-content-code-execution(54645)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54645"
},
{
"name": "20091208 ZDI-09-090: Microsoft Windows Intel Indeo Codec Parsing Stack Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508335/100/0/threaded"
},
{
"name": "37592",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37592"
}
]
}
}

140
2009/4xxx/CVE-2009-4683.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4683",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9185",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9185"
},
{
"name" : "55918",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/55918"
},
{
"name" : "35835",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35835"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in vote.php in Good/Bad Vote allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter in a dovote action. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55918",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55918"
},
{
"name": "35835",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35835"
},
{
"name": "9185",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9185"
}
]
}
}

160
2009/4xxx/CVE-2009-4769.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4769",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4769",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb",
"refsource" : "MISC",
"url" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
},
{
"name" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb",
"refsource" : "MISC",
"url" : "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb"
},
{
"name" : "60181",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/60181"
},
{
"name" : "60182",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/60182"
},
{
"name" : "ADV-2009-3312",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3312"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb",
"refsource": "MISC",
"url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/http/httpdx_tolog_format.rb"
},
{
"name": "60181",
"refsource": "OSVDB",
"url": "http://osvdb.org/60181"
},
{
"name": "ADV-2009-3312",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3312"
},
{
"name": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb",
"refsource": "MISC",
"url": "http://www.metasploit.com/redmine/projects/framework/repository/revisions/7569/entry/modules/exploits/windows/ftp/httpdx_tolog_format.rb"
},
{
"name": "60182",
"refsource": "OSVDB",
"url": "http://osvdb.org/60182"
}
]
}
}

34
2009/5xxx/CVE-2009-5069.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-5069",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5069",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

270
2012/2xxx/CVE-2012-2673.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2673",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120605 memory allocator upstream patches",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/05/1"
},
{
"name" : "[oss-security] 20120607 Re: memory allocator upstream patches",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/07/13"
},
{
"name" : "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/",
"refsource" : "MISC",
"url" : "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/"
},
{
"name" : "https://github.com/ivmai/bdwgc/blob/master/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/ivmai/bdwgc/blob/master/ChangeLog"
},
{
"name" : "https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3",
"refsource" : "CONFIRM",
"url" : "https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3"
},
{
"name" : "https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb",
"refsource" : "CONFIRM",
"url" : "https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb"
},
{
"name" : "https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1",
"refsource" : "CONFIRM",
"url" : "https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1"
},
{
"name" : "https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a",
"refsource" : "CONFIRM",
"url" : "https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a"
},
{
"name" : "FEDORA-2012-9556",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082926.html"
},
{
"name" : "FEDORA-2012-9637",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082988.html"
},
{
"name" : "MDVSA-2012:158",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:158"
},
{
"name" : "RHSA-2013:1500",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1500.html"
},
{
"name" : "RHSA-2014:0149",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0149.html"
},
{
"name" : "RHSA-2014:0150",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0150.html"
},
{
"name" : "USN-1546-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-1546-1"
},
{
"name" : "54227",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54227"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2013:1500",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1500.html"
},
{
"name": "USN-1546-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-1546-1"
},
{
"name": "https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a",
"refsource": "CONFIRM",
"url": "https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a"
},
{
"name": "FEDORA-2012-9637",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082988.html"
},
{
"name": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/",
"refsource": "MISC",
"url": "http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/"
},
{
"name": "[oss-security] 20120605 memory allocator upstream patches",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/05/1"
},
{
"name": "[oss-security] 20120607 Re: memory allocator upstream patches",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/07/13"
},
{
"name": "MDVSA-2012:158",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:158"
},
{
"name": "RHSA-2014:0150",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0150.html"
},
{
"name": "https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb",
"refsource": "CONFIRM",
"url": "https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb"
},
{
"name": "https://github.com/ivmai/bdwgc/blob/master/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/ivmai/bdwgc/blob/master/ChangeLog"
},
{
"name": "FEDORA-2012-9556",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082926.html"
},
{
"name": "https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1",
"refsource": "CONFIRM",
"url": "https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1"
},
{
"name": "RHSA-2014:0149",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0149.html"
},
{
"name": "https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3",
"refsource": "CONFIRM",
"url": "https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3"
},
{
"name": "54227",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54227"
}
]
}
}

200
2012/2xxx/CVE-2012-2717.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2717",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name" : "http://drupal.org/node/1608828",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1608828"
},
{
"name" : "http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss",
"refsource" : "MISC",
"url" : "http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss"
},
{
"name" : "http://drupal.org/node/1169008",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/1169008"
},
{
"name" : "http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc",
"refsource" : "CONFIRM",
"url" : "http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc"
},
{
"name" : "53734",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53734"
},
{
"name" : "82410",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82410"
},
{
"name" : "49318",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49318"
},
{
"name" : "drupal-mobiletools-unspecified-xss(76002)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76002"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Mobile Tools module 6.x-2.x before 6.x-2.3 for Drupal allow remote attackers to inject arbitrary web script or HTML via the (1) Mobile URL field or (2) Desktop URL field to the General configuration page, or the (3) message to the Mobile Tools block message options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc",
"refsource": "CONFIRM",
"url": "http://drupalcode.org/project/mobile_tools.git/commitdiff/614b0fc"
},
{
"name": "[oss-security] 20120613 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/06/14/3"
},
{
"name": "53734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53734"
},
{
"name": "82410",
"refsource": "OSVDB",
"url": "http://osvdb.org/82410"
},
{
"name": "http://drupal.org/node/1169008",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/1169008"
},
{
"name": "http://drupal.org/node/1608828",
"refsource": "MISC",
"url": "http://drupal.org/node/1608828"
},
{
"name": "drupal-mobiletools-unspecified-xss(76002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76002"
},
{
"name": "49318",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49318"
},
{
"name": "http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss",
"refsource": "MISC",
"url": "http://www.madirish.net/content/drupal-mobile-tools-6x-23-xss"
}
]
}
}

130
2012/3xxx/CVE-2012-3186.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/3xxx/CVE-2012-3210.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "56077",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56077"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56077",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56077"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

34
2012/3xxx/CVE-2012-3821.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3821",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3821",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/3xxx/CVE-2012-3930.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3930",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3930",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2012/3xxx/CVE-2012-3937.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3937",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"
},
{
"name" : "55866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55866"
},
{
"name" : "86142",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86142"
},
{
"name" : "1027639",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027639"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 before LD SP32 EP10 and T28 before T28.4 allows remote attackers to execute arbitrary code via a crafted WRF file, aka Bug ID CSCtz72967."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027639",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027639"
},
{
"name": "55866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55866"
},
{
"name": "20121010 Multiple Vulnerabilities in the Cisco WebEx Recording Format Player",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121010-webex"
},
{
"name": "86142",
"refsource": "OSVDB",
"url": "http://osvdb.org/86142"
}
]
}
}

34
2012/6xxx/CVE-2012-6382.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6382",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6382",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2012/6xxx/CVE-2012-6553.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6553",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many tab or line feed characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6553",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://waleedassar.blogspot.com/2012/05/resource-hacker-heap-overflow.html",
"refsource" : "MISC",
"url" : "http://waleedassar.blogspot.com/2012/05/resource-hacker-heap-overflow.html"
},
{
"name" : "53608",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53608"
},
{
"name" : "49217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49217"
},
{
"name" : "resource-hacker-pe-bo(75738)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75738"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many tab or line feed characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://waleedassar.blogspot.com/2012/05/resource-hacker-heap-overflow.html",
"refsource": "MISC",
"url": "http://waleedassar.blogspot.com/2012/05/resource-hacker-heap-overflow.html"
},
{
"name": "49217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49217"
},
{
"name": "53608",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53608"
},
{
"name": "resource-hacker-pe-bo(75738)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75738"
}
]
}
}

122
2015/5xxx/CVE-2015-5350.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security_alert@emc.com",
"DATE_PUBLIC" : "2017-01-02T00:00:00",
"ID" : "CVE-2015-5350",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Garden Nstar",
"version" : {
"version_data" : [
{
"version_value" : "Garden versions 0.22.0-0.329.0"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "A vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2017-01-02T00:00:00",
"ID": "CVE-2015-5350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Garden Nstar",
"version": {
"version_data": [
{
"version_value": "Garden versions 0.22.0-0.329.0"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://pivotal.io/security/cve-2015-5350",
"refsource" : "CONFIRM",
"url" : "https://pivotal.io/security/cve-2015-5350"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system. By staging an application on Cloud Foundry using Diego and Garden installations with a malicious custom buildpack an end user could read files on the host system that the BOSH-created vcap user has permissions to read and then package them into their app droplet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A vulnerability has been discovered in the garden-linux nstar executable that allows access to files on the host system"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pivotal.io/security/cve-2015-5350",
"refsource": "CONFIRM",
"url": "https://pivotal.io/security/cve-2015-5350"
}
]
}
}

140
2015/5xxx/CVE-2015-5488.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the \"administer mailchimp\" permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name" : "https://www.drupal.org/node/2480253",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2480253"
},
{
"name" : "https://www.drupal.org/node/2480173",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2480173"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the MailChimp Signup submodule in the MailChimp module 7.x-3.x before 7.x-3.3 for Drupal allows remote authenticated users with the \"administer mailchimp\" permission to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2480253",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2480253"
},
{
"name": "[oss-security] 20150704 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-100 to SA-CONTRIB-2015-131)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/04/4"
},
{
"name": "https://www.drupal.org/node/2480173",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2480173"
}
]
}
}

170
2015/5xxx/CVE-2015-5695.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5695",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5695",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[Openstack] 20150728 [Security][LP# 1471161] Designate mDNS DoS through incorrect handling of large RecordSets",
"refsource" : "MLIST",
"url" : "http://lists.openstack.org/pipermail/openstack/2015-July/013548.html"
},
{
"name" : "[oss-security] 20150728 Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/28/11"
},
{
"name" : "[oss-security] 20150729 Re: Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/07/29/6"
},
{
"name" : "https://bugs.launchpad.net/designate/+bug/1471161",
"refsource" : "CONFIRM",
"url" : "https://bugs.launchpad.net/designate/+bug/1471161"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245241",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1245241"
},
{
"name" : "https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch",
"refsource" : "CONFIRM",
"url" : "https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1245241",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1245241"
},
{
"name": "[oss-security] 20150729 Re: Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/29/6"
},
{
"name": "https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch",
"refsource": "CONFIRM",
"url": "https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch"
},
{
"name": "https://bugs.launchpad.net/designate/+bug/1471161",
"refsource": "CONFIRM",
"url": "https://bugs.launchpad.net/designate/+bug/1471161"
},
{
"name": "[Openstack] 20150728 [Security][LP# 1471161] Designate mDNS DoS through incorrect handling of large RecordSets",
"refsource": "MLIST",
"url": "http://lists.openstack.org/pipermail/openstack/2015-July/013548.html"
},
{
"name": "[oss-security] 20150728 Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/07/28/11"
}
]
}
}

130
2017/2xxx/CVE-2017-2134.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2134",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ASSETBASE",
"version" : {
"version_data" : [
{
"version_value" : "Ver.8.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "UCHIDA YOKO CO., LTD."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASSETBASE",
"version": {
"version_data": [
{
"version_value": "Ver.8.0 and earlier"
}
]
}
}
]
},
"vendor_name": "UCHIDA YOKO CO., LTD."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "JVN#82019695",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN82019695/index.html"
},
{
"name" : "97708",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97708"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97708",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97708"
},
{
"name": "JVN#82019695",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN82019695/index.html"
}
]
}
}

122
2017/2xxx/CVE-2017-2294.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@puppet.com",
"DATE_PUBLIC" : "2017-05-11T00:00:00",
"ID" : "CVE-2017-2294",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Puppet Enterprise",
"version" : {
"version_data" : [
{
"version_value" : "PE prior to 2016.4.5 or 2017.2.1"
}
]
}
}
]
},
"vendor_name" : "Puppet"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "client private keys insufficiently protected"
}
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"DATE_PUBLIC": "2017-05-11T00:00:00",
"ID": "CVE-2017-2294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Puppet Enterprise",
"version": {
"version_data": [
{
"version_value": "PE prior to 2016.4.5 or 2017.2.1"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://puppet.com/security/cve/cve-2017-2294",
"refsource" : "CONFIRM",
"url" : "https://puppet.com/security/cve/cve-2017-2294"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to mark MCollective server private keys as sensitive (a feature added in Puppet 4.6), so key values could be logged and stored in PuppetDB. These releases use the sensitive data type to ensure this won't happen anymore."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "client private keys insufficiently protected"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://puppet.com/security/cve/cve-2017-2294",
"refsource": "CONFIRM",
"url": "https://puppet.com/security/cve/cve-2017-2294"
}
]
}
}

130
2017/2xxx/CVE-2017-2545.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@apple.com",
"ID" : "CVE-2017-2545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"IOGraphics\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2017-2545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT207797",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT207797"
},
{
"name" : "1038484",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1038484"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in certain Apple products. macOS before 10.12.5 is affected. The issue involves the \"IOGraphics\" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1038484",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038484"
},
{
"name": "https://support.apple.com/HT207797",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT207797"
}
]
}
}

210
2018/11xxx/CVE-2018-11806.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11806",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11806",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20180607 CVE-2018-11806 Qemu: slirp: heap buffer overflow while reassembling fragmented datagrams",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2018/06/07/1"
},
{
"name" : "[qemu-devel] 20180605 [PATCH 1/2] slirp: correct size computation while concatenating mbuf",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html"
},
{
"name" : "https://www.zerodayinitiative.com/advisories/ZDI-18-567/",
"refsource" : "MISC",
"url" : "https://www.zerodayinitiative.com/advisories/ZDI-18-567/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1586245",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1586245"
},
{
"name" : "RHSA-2018:2462",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2462"
},
{
"name" : "RHSA-2018:2762",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2762"
},
{
"name" : "RHSA-2018:2822",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2822"
},
{
"name" : "RHSA-2018:2887",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2887"
},
{
"name" : "USN-3826-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3826-1/"
},
{
"name" : "104400",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104400"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "m_cat in slirp/mbuf.c in Qemu has a heap-based buffer overflow via incoming fragmented datagrams."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2762",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2762"
},
{
"name": "104400",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104400"
},
{
"name": "USN-3826-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3826-1/"
},
{
"name": "[qemu-devel] 20180605 [PATCH 1/2] slirp: correct size computation while concatenating mbuf",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg01012.html"
},
{
"name": "[oss-security] 20180607 CVE-2018-11806 Qemu: slirp: heap buffer overflow while reassembling fragmented datagrams",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2018/06/07/1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1586245",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586245"
},
{
"name": "https://www.zerodayinitiative.com/advisories/ZDI-18-567/",
"refsource": "MISC",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-18-567/"
},
{
"name": "RHSA-2018:2462",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2462"
},
{
"name": "RHSA-2018:2822",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2822"
},
{
"name": "RHSA-2018:2887",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2887"
}
]
}
}

34
2018/15xxx/CVE-2018-15298.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15298",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15298",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2018/15xxx/CVE-2018-15537.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15537",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15537",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181113 OCS Inventory NG ocsreports Authenticated RCE via Shell Upload (CVE-2018-15537)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Nov/40"
},
{
"name" : "http://packetstormsecurity.com/files/150330/OCS-Inventory-NG-ocsreports-Shell-Upload.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/150330/OCS-Inventory-NG-ocsreports-Shell-Upload.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unrestricted file upload (with remote code execution) in OCS Inventory NG ocsreports allows a privileged user to gain access to the server via crafted HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/150330/OCS-Inventory-NG-ocsreports-Shell-Upload.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/150330/OCS-Inventory-NG-ocsreports-Shell-Upload.html"
},
{
"name": "20181113 OCS Inventory NG ocsreports Authenticated RCE via Shell Upload (CVE-2018-15537)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Nov/40"
}
]
}
}

34
2018/15xxx/CVE-2018-15738.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15738",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15738",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/15xxx/CVE-2018-15896.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15896",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://gkaim.com/cve-2018-15896-vikas-chaudhary/",
"refsource" : "MISC",
"url" : "https://gkaim.com/cve-2018-15896-vikas-chaudhary/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://gkaim.com/cve-2018-15896-vikas-chaudhary/",
"refsource": "MISC",
"url": "https://gkaim.com/cve-2018-15896-vikas-chaudhary/"
}
]
}
}

34
2018/3xxx/CVE-2018-3685.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3685",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3685",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/8xxx/CVE-2018-8066.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8066",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8066",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

152
2018/8xxx/CVE-2018-8840.json
View File

@ -1,78 +1,78 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-04-06T00:00:00",
"ID" : "CVE-2018-8840",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Schneider Electric InduSoft Web Studio and InTouch Machine Edition",
"version" : {
"version_data" : [
{
"version_value" : "InduSoft Web Studio v8.1 and prior versions, and InTouch Machine Edition 2017 v8.1 and prior versions."
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "STACK-BASED BUFFER OVERFLOW CWE-121"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-04-06T00:00:00",
"ID": "CVE-2018-8840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Schneider Electric InduSoft Web Studio and InTouch Machine Edition",
"version": {
"version_data": [
{
"version_value": "InduSoft Web Studio v8.1 and prior versions, and InTouch Machine Edition 2017 v8.1 and prior versions."
}
]
}
}
]
},
"vendor_name": "ICS-CERT"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/",
"refsource" : "MISC",
"url" : "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/"
},
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01"
},
{
"name" : "https://www.tenable.com/security/research/tra-2018-07",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-07"
},
{
"name" : "103949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103949"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "STACK-BASED BUFFER OVERFLOW CWE-121"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103949"
},
{
"name": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/",
"refsource": "MISC",
"url": "http://software.schneider-electric.com/pdf/security-bulletin/lfsec00000125/"
},
{
"name": "https://www.tenable.com/security/research/tra-2018-07",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-07"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-107-01"
}
]
}
}

160
2018/8xxx/CVE-2018-8930.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8930",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8930",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://amdflaws.com/",
"refsource" : "MISC",
"url" : "https://amdflaws.com/"
},
{
"name" : "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource" : "MISC",
"url" : "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name" : "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource" : "MISC",
"url" : "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name" : "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource" : "MISC",
"url" : "https://safefirmware.com/amdflaws_whitepaper.pdf"
},
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have insufficient enforcement of Hardware Validated Boot, aka MASTERKEY-1, MASTERKEY-2, and MASTERKEY-3."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03841en_us"
},
{
"name": "https://amdflaws.com/",
"refsource": "MISC",
"url": "https://amdflaws.com/"
},
{
"name": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/",
"refsource": "MISC",
"url": "https://blog.trailofbits.com/2018/03/15/amd-flaws-technical-summary/"
},
{
"name": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research",
"refsource": "MISC",
"url": "https://community.amd.com/community/amd-corporate/blog/2018/03/21/initial-amd-technical-assessment-of-cts-labs-research"
},
{
"name": "https://safefirmware.com/amdflaws_whitepaper.pdf",
"refsource": "MISC",
"url": "https://safefirmware.com/amdflaws_whitepaper.pdf"
}
]
}
}