admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:43:53 +00:00
parent 4252d2b606
commit 73702de6ae
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
50 changed files with 3734 additions and 3734 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2005/0xxx/CVE-2005-0222.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0222",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110608459222364&w=2"
},
{
"name" : "20050117 [VulnWatch] Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html"
},
{
"name" : "http://theinsider.deep-ice.com/texts/advisory69.txt",
"refsource" : "MISC",
"url" : "http://theinsider.deep-ice.com/texts/advisory69.txt"
},
{
"name" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147",
"refsource" : "CONFIRM",
"url" : "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147"
},
{
"name" : "gallery-mainphp-obtain-information(18940)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/18940"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050117 Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110608459222364&w=2"
},
{
"name": "http://theinsider.deep-ice.com/texts/advisory69.txt",
"refsource": "MISC",
"url": "http://theinsider.deep-ice.com/texts/advisory69.txt"
},
{
"name": "gallery-mainphp-obtain-information(18940)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18940"
},
{
"name": "20050117 [VulnWatch] Gallery v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html"
},
{
"name": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147",
"refsource": "CONFIRM",
"url": "http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147"
}
]
}
}

210
2005/0xxx/CVE-2005-0230.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0230",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka \"firedragging.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0230",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050207 Firedragging [Firefox 1.0]",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110780995232064&w=2"
},
{
"name" : "http://www.mikx.de/firedragging/",
"refsource" : "MISC",
"url" : "http://www.mikx.de/firedragging/"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=279945",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=279945"
},
{
"name" : "http://www.mozilla.org/security/announce/mfsa2005-25.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/mfsa2005-25.html"
},
{
"name" : "GLSA-200503-10",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name" : "GLSA-200503-30",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name" : "SUSE-SA:2006:022",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name" : "12468",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12468"
},
{
"name" : "oval:org.mitre.oval:def:100033",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033"
},
{
"name" : "19823",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19823"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka \"firedragging.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mozilla.org/security/announce/mfsa2005-25.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/mfsa2005-25.html"
},
{
"name": "oval:org.mitre.oval:def:100033",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100033"
},
{
"name": "19823",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19823"
},
{
"name": "20050207 Firedragging [Firefox 1.0]",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110780995232064&w=2"
},
{
"name": "http://www.mikx.de/firedragging/",
"refsource": "MISC",
"url": "http://www.mikx.de/firedragging/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=279945",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=279945"
},
{
"name": "GLSA-200503-30",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml"
},
{
"name": "GLSA-200503-10",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml"
},
{
"name": "SUSE-SA:2006:022",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_04_25.html"
},
{
"name": "12468",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12468"
}
]
}
}

130
2005/0xxx/CVE-2005-0328.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0328",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050131 Zyxel / Netgear and probably other routers leaking information.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110720465527599&w=2"
},
{
"name" : "zyxel-netgear-ping-information-disclosure(20609)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "zyxel-netgear-ping-information-disclosure(20609)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20609"
},
{
"name": "20050131 Zyxel / Netgear and probably other routers leaking information.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110720465527599&w=2"
}
]
}
}

140
2005/1xxx/CVE-2005-1226.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1226",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1226",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111402186304179&w=2"
},
{
"name" : "http://www.waraxe.us/advisory-42.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-42.html"
},
{
"name" : "coppermine-password-plaintext(20206)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20206"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "coppermine-password-plaintext(20206)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20206"
},
{
"name": "20050420 [waraxe-2005-SA#042] - Multiple vulnerabilities in Coppermine Photo Gallery 1.3.2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111402186304179&w=2"
},
{
"name": "http://www.waraxe.us/advisory-42.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-42.html"
}
]
}
}

34
2005/1xxx/CVE-2005-1529.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1529",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1529",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2005/3xxx/CVE-2005-3717.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3717",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username \"target\" and password \"password\", which allows remote attackers to gain full access to the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3717",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051117 UTstarcom F1000 VoIP Wifi phone multiple vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html"
},
{
"name" : "15476",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15476"
},
{
"name" : "ADV-2005-2472",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2472"
},
{
"name" : "17629",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17629"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel WIND 2.6 has a default username \"target\" and password \"password\", which allows remote attackers to gain full access to the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20051117 UTstarcom F1000 VoIP Wifi phone multiple vulnerabilities",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html"
},
{
"name": "15476",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15476"
},
{
"name": "ADV-2005-2472",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2472"
},
{
"name": "17629",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17629"
}
]
}
}

180
2005/4xxx/CVE-2005-4069.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4069",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the \"SunnComm Shared\" directory, which allows local users to gain privileges by modifying programs installed in that directory, such as MMX.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4069",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf",
"refsource" : "MISC",
"url" : "http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf"
},
{
"name" : "http://www.eff.org/news/archives/2005_12.php#004234",
"refsource" : "MISC",
"url" : "http://www.eff.org/news/archives/2005_12.php#004234"
},
{
"name" : "VU#928689",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/928689"
},
{
"name" : "15754",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15754"
},
{
"name" : "ADV-2005-2783",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2783"
},
{
"name" : "1015327",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015327"
},
{
"name" : "17933",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17933"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the \"SunnComm Shared\" directory, which allows local users to gain privileges by modifying programs installed in that directory, such as MMX.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2783",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2783"
},
{
"name": "http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf",
"refsource": "MISC",
"url": "http://www.eff.org/IP/DRM/Sony-BMG/MediaMaxVulnerabilityReport.pdf"
},
{
"name": "15754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15754"
},
{
"name": "http://www.eff.org/news/archives/2005_12.php#004234",
"refsource": "MISC",
"url": "http://www.eff.org/news/archives/2005_12.php#004234"
},
{
"name": "VU#928689",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/928689"
},
{
"name": "17933",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17933"
},
{
"name": "1015327",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015327"
}
]
}
}

160
2005/4xxx/CVE-2005-4282.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4282",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/domaincart-xss.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/domaincart-xss.html"
},
{
"name" : "15893",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15893"
},
{
"name" : "ADV-2005-2917",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2917"
},
{
"name" : "21729",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21729"
},
{
"name" : "18035",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18035"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML, possibly via the root parameter to zaygo.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15893"
},
{
"name": "ADV-2005-2917",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2917"
},
{
"name": "http://pridels0.blogspot.com/2005/12/domaincart-xss.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/domaincart-xss.html"
},
{
"name": "18035",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18035"
},
{
"name": "21729",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21729"
}
]
}
}

140
2005/4xxx/CVE-2005-4569.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051220 [ACSSEC-2005-11-25-0x4] FTGate 4.4 [Build 4.4.000 Oct 26 2005] St ack Buffer Overflow",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1018.html"
},
{
"name" : "15972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15972"
},
{
"name" : "ADV-2005-3010",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3010"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-3010",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3010"
},
{
"name": "20051220 [ACSSEC-2005-11-25-0x4] FTGate 4.4 [Build 4.4.000 Oct 26 2005] St ack Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1018.html"
},
{
"name": "15972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15972"
}
]
}
}

160
2005/4xxx/CVE-2005-4749.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "BEA05-105.00",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/159"
},
{
"name" : "BEA06-105.01",
"refsource" : "BEA",
"url" : "http://dev2dev.bea.com/pub/advisory/177"
},
{
"name" : "15052",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15052"
},
{
"name" : "17163",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/17163"
},
{
"name" : "17138",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17138"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "BEA05-105.00",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/159"
},
{
"name": "17163",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17163"
},
{
"name": "BEA06-105.01",
"refsource": "BEA",
"url": "http://dev2dev.bea.com/pub/advisory/177"
},
{
"name": "15052",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15052"
},
{
"name": "17138",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17138"
}
]
}
}

150
2009/0xxx/CVE-2009-0284.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0284",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7862",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7862"
},
{
"name" : "http://www.flaxweb.com/products/articles",
"refsource" : "CONFIRM",
"url" : "http://www.flaxweb.com/products/articles"
},
{
"name" : "33422",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33422"
},
{
"name" : "33625",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33625"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33625",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33625"
},
{
"name": "33422",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33422"
},
{
"name": "http://www.flaxweb.com/products/articles",
"refsource": "CONFIRM",
"url": "http://www.flaxweb.com/products/articles"
},
{
"name": "7862",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7862"
}
]
}
}

240
2009/0xxx/CVE-2009-0755.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0755",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0755",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090417 rPSA-2009-0059-1 poppler",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"name" : "[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/02/13/1"
},
{
"name" : "[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/02/19/2"
},
{
"name" : "[poppler] 20090128 poppler/Form.cc",
"refsource" : "MLIST",
"url" : "http://lists.freedesktop.org/archives/poppler/2009-January/004406.html"
},
{
"name" : "http://bugs.freedesktop.org/show_bug.cgi?id=19790",
"refsource" : "CONFIRM",
"url" : "http://bugs.freedesktop.org/show_bug.cgi?id=19790"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0059",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"name" : "DSA-1941",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1941"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "USN-850-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name" : "33749",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33749"
},
{
"name" : "33853",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33853"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "37114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33749",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33749"
},
{
"name": "DSA-1941",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1941"
},
{
"name": "[poppler] 20090128 poppler/Form.cc",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/poppler/2009-January/004406.html"
},
{
"name": "33853",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33853"
},
{
"name": "[oss-security] 20090219 Re: CVE Request: Poppler -Two Denial of Service Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/19/2"
},
{
"name": "37114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37114"
},
{
"name": "[oss-security] 20090213 CVE Request: Poppler -Two Denial of Service Vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/02/13/1"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0059",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0059"
},
{
"name": "http://bugs.freedesktop.org/show_bug.cgi?id=19790",
"refsource": "CONFIRM",
"url": "http://bugs.freedesktop.org/show_bug.cgi?id=19790"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "USN-850-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "20090417 rPSA-2009-0059-1 poppler",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502761/100/0/threaded"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
}
]
}
}

140
2009/1xxx/CVE-2009-1085.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1085",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1085",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090323 CVE request: API key disclosure in piwik",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/03/23/2"
},
{
"name" : "http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html",
"refsource" : "MISC",
"url" : "http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html"
},
{
"name" : "http://dev.piwik.org/trac/ticket/599",
"refsource" : "CONFIRM",
"url" : "http://dev.piwik.org/trac/ticket/599"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Piwik 0.2.32 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the API key and other sensitive information via a direct request for misc/cron/archive.sh."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090323 CVE request: API key disclosure in piwik",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/23/2"
},
{
"name": "http://dev.piwik.org/trac/ticket/599",
"refsource": "CONFIRM",
"url": "http://dev.piwik.org/trac/ticket/599"
},
{
"name": "http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html",
"refsource": "MISC",
"url": "http://marco-ziesing.de/archives/35-Schluesselloch-in-Piwik.html"
}
]
}
}

150
2009/1xxx/CVE-2009-1323.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1323",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8382",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8382"
},
{
"name" : "34462",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34462"
},
{
"name" : "34648",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34648"
},
{
"name" : "webfileexplorer-body-sql-injection(49801)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49801"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "webfileexplorer-body-sql-injection(49801)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49801"
},
{
"name": "34648",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34648"
},
{
"name": "34462",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34462"
},
{
"name": "8382",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8382"
}
]
}
}

290
2009/1xxx/CVE-2009-1391.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1391",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1391",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://article.gmane.org/gmane.mail.virus.amavis.user/33635",
"refsource" : "MISC",
"url" : "http://article.gmane.org/gmane.mail.virus.amavis.user/33635"
},
{
"name" : "http://article.gmane.org/gmane.mail.virus.amavis.user/33638",
"refsource" : "MISC",
"url" : "http://article.gmane.org/gmane.mail.virus.amavis.user/33638"
},
{
"name" : "http://thread.gmane.org/gmane.mail.virus.amavis.user/33635",
"refsource" : "MISC",
"url" : "http://thread.gmane.org/gmane.mail.virus.amavis.user/33635"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=504386",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=504386"
},
{
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=273141",
"refsource" : "CONFIRM",
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=273141"
},
{
"name" : "FEDORA-2009-7680",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html"
},
{
"name" : "GLSA-200908-07",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200908-07.xml"
},
{
"name" : "MDVSA-2009:157",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:157"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "USN-794-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/794-1/"
},
{
"name" : "35307",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35307"
},
{
"name" : "55041",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55041"
},
{
"name" : "35422",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35422"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "35689",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35689"
},
{
"name" : "35876",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35876"
},
{
"name" : "ADV-2009-1571",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1571"
},
{
"name" : "perl-compressrawzlib-inflate-bo(51062)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51062"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and possibly other products, allows context-dependent attackers to cause a denial of service (hang or crash) via a crafted zlib compressed stream that triggers a heap-based buffer overflow, as exploited in the wild by Trojan.Downloader-71014 in June 2009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://article.gmane.org/gmane.mail.virus.amavis.user/33635",
"refsource": "MISC",
"url": "http://article.gmane.org/gmane.mail.virus.amavis.user/33635"
},
{
"name": "http://thread.gmane.org/gmane.mail.virus.amavis.user/33635",
"refsource": "MISC",
"url": "http://thread.gmane.org/gmane.mail.virus.amavis.user/33635"
},
{
"name": "perl-compressrawzlib-inflate-bo(51062)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51062"
},
{
"name": "USN-794-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/794-1/"
},
{
"name": "MDVSA-2009:157",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:157"
},
{
"name": "https://bugs.gentoo.org/show_bug.cgi?id=273141",
"refsource": "CONFIRM",
"url": "https://bugs.gentoo.org/show_bug.cgi?id=273141"
},
{
"name": "35307",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35307"
},
{
"name": "GLSA-200908-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200908-07.xml"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=504386",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=504386"
},
{
"name": "35689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35689"
},
{
"name": "ADV-2009-1571",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1571"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "55041",
"refsource": "OSVDB",
"url": "http://osvdb.org/55041"
},
{
"name": "http://article.gmane.org/gmane.mail.virus.amavis.user/33638",
"refsource": "MISC",
"url": "http://article.gmane.org/gmane.mail.virus.amavis.user/33638"
},
{
"name": "35422",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35422"
},
{
"name": "35876",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35876"
},
{
"name": "FEDORA-2009-7680",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00607.html"
}
]
}
}

150
2009/3xxx/CVE-2009-3569.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3569",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka \"Client-side stack overflow exploit.\" NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3569",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://intevydis.com/vd-list.shtml",
"refsource" : "MISC",
"url" : "http://intevydis.com/vd-list.shtml"
},
{
"name" : "36285",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36285"
},
{
"name" : "1022832",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022832"
},
{
"name" : "35036",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35036"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in OpenOffice.org (OOo) allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka \"Client-side stack overflow exploit.\" NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36285",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36285"
},
{
"name": "1022832",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022832"
},
{
"name": "35036",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35036"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
}
]
}
}

430
2009/3xxx/CVE-2009-3983.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3983",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3983",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-68.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-68.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=487872",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=487872"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=546720",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=546720"
},
{
"name" : "DSA-1956",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1956"
},
{
"name" : "FEDORA-2009-13333",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html"
},
{
"name" : "FEDORA-2009-13362",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html"
},
{
"name" : "FEDORA-2009-13366",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html"
},
{
"name" : "RHSA-2009:1673",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1673.html"
},
{
"name" : "RHSA-2009:1674",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1674.html"
},
{
"name" : "SUSE-SA:2009:063",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2009_63_firefox.html"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "USN-873-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-873-1"
},
{
"name" : "USN-874-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-874-1"
},
{
"name" : "USN-915-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-915-1"
},
{
"name" : "37349",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37349"
},
{
"name" : "37366",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37366"
},
{
"name" : "oval:org.mitre.oval:def:10047",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047"
},
{
"name" : "oval:org.mitre.oval:def:8240",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240"
},
{
"name" : "1023340",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023340"
},
{
"name" : "1023341",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023341"
},
{
"name" : "37699",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37699"
},
{
"name" : "37703",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37703"
},
{
"name" : "37704",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37704"
},
{
"name" : "37785",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37785"
},
{
"name" : "37813",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37813"
},
{
"name" : "37856",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37856"
},
{
"name" : "37881",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37881"
},
{
"name" : "39001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39001"
},
{
"name" : "38977",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38977"
},
{
"name" : "ADV-2009-3547",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3547"
},
{
"name" : "ADV-2010-0648",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0648"
},
{
"name" : "firefox-ntlm-reflection(54807)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54807"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey before 2.0.1, allows remote attackers to send authenticated requests to arbitrary applications by replaying the NTLM credentials of a browser user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37704"
},
{
"name": "37699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37699"
},
{
"name": "39001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39001"
},
{
"name": "ADV-2009-3547",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3547"
},
{
"name": "37703",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37703"
},
{
"name": "ADV-2010-0648",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0648"
},
{
"name": "37881",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37881"
},
{
"name": "FEDORA-2009-13362",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01034.html"
},
{
"name": "37785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37785"
},
{
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name": "USN-874-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-874-1"
},
{
"name": "37813",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37813"
},
{
"name": "FEDORA-2009-13333",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00995.html"
},
{
"name": "USN-873-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-873-1"
},
{
"name": "38977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38977"
},
{
"name": "1023341",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023341"
},
{
"name": "oval:org.mitre.oval:def:8240",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8240"
},
{
"name": "1023340",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023340"
},
{
"name": "37349",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37349"
},
{
"name": "RHSA-2009:1674",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1674.html"
},
{
"name": "FEDORA-2009-13366",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01041.html"
},
{
"name": "DSA-1956",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1956"
},
{
"name": "37856",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37856"
},
{
"name": "RHSA-2009:1673",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1673.html"
},
{
"name": "37366",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37366"
},
{
"name": "USN-915-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-915-1"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-68.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-68.html"
},
{
"name": "firefox-ntlm-reflection(54807)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54807"
},
{
"name": "oval:org.mitre.oval:def:10047",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10047"
},
{
"name": "SUSE-SA:2009:063",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2009_63_firefox.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=487872",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=487872"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=546720",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=546720"
}
]
}
}

190
2009/4xxx/CVE-2009-4236.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4236",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4236",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html",
"refsource" : "MISC",
"url" : "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html"
},
{
"name" : "http://www.ec-cube.net/info/091127/",
"refsource" : "CONFIRM",
"url" : "http://www.ec-cube.net/info/091127/"
},
{
"name" : "JVN#79762947",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN79762947/index.html"
},
{
"name" : "JVNDB-2009-000078",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html"
},
{
"name" : "60685",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/60685"
},
{
"name" : "37603",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37603"
},
{
"name" : "ADV-2009-3421",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3421"
},
{
"name" : "eccube-searchcustomer-security-bypass(54573)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The process function in data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php in EC-CUBE Ver2 2.4.0 RC1 through 2.4.1, and Community Edition r18068 through r18428, allows remote attackers to obtain sensitive information (customer data) via unknown vectors related to sessions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3421"
},
{
"name": "37603",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37603"
},
{
"name": "JVN#79762947",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN79762947/index.html"
},
{
"name": "60685",
"refsource": "OSVDB",
"url": "http://osvdb.org/60685"
},
{
"name": "eccube-searchcustomer-security-bypass(54573)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54573"
},
{
"name": "JVNDB-2009-000078",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000078.html"
},
{
"name": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html",
"refsource": "MISC",
"url": "http://www.ipa.go.jp/security/vuln/documents/2009/200912_ec-cube.html"
},
{
"name": "http://www.ec-cube.net/info/091127/",
"refsource": "CONFIRM",
"url": "http://www.ec-cube.net/info/091127/"
}
]
}
}

150
2009/4xxx/CVE-2009-4686.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4686",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4686",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/adquick-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/adquick-xss.txt"
},
{
"name" : "56056",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56056"
},
{
"name" : "35926",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35926"
},
{
"name" : "adquick-account-xss(51857)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in account.php in phplemon AdQuick 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the red_url parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "adquick-account-xss(51857)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51857"
},
{
"name": "56056",
"refsource": "OSVDB",
"url": "http://osvdb.org/56056"
},
{
"name": "35926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35926"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/adquick-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/adquick-xss.txt"
}
]
}
}

140
2009/4xxx/CVE-2009-4727.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4727",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4727",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9332",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9332"
},
{
"name" : "36132",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36132"
},
{
"name" : "ADV-2009-2124",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2124"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in x/login in JungleScripts Ajax Short Url Script allows remote attackers to execute arbitrary SQL commands via the username parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36132",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36132"
},
{
"name": "ADV-2009-2124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2124"
},
{
"name": "9332",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9332"
}
]
}
}

140
2009/4xxx/CVE-2009-4978.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4978",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4978",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9365",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9365"
},
{
"name" : "36106",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36106"
},
{
"name" : "ADV-2009-2165",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2165"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9365",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9365"
},
{
"name": "ADV-2009-2165",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2165"
},
{
"name": "36106",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36106"
}
]
}
}

200
2012/2xxx/CVE-2012-2094.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2094",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2094",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[openstack] 20120417 [OSSA 2012-004] XSS vulnerability in Horizon log viewer",
"refsource" : "MLIST",
"url" : "https://lists.launchpad.net/openstack/msg10211.html"
},
{
"name" : "https://bugs.launchpad.net/horizon/+bug/977944",
"refsource" : "MISC",
"url" : "https://bugs.launchpad.net/horizon/+bug/977944"
},
{
"name" : "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942",
"refsource" : "CONFIRM",
"url" : "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942"
},
{
"name" : "FEDORA-2012-6108",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html"
},
{
"name" : "USN-1439-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-1439-1"
},
{
"name" : "81742",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/81742"
},
{
"name" : "49024",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49024"
},
{
"name" : "49071",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49071"
},
{
"name" : "openstack-horizon-xss(76136)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the refresh mechanism in the log viewer in horizon/static/horizon/js/horizon.js in OpenStack Dashboard (Horizon) folsom-1 and 2012.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the guest console."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49024",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49024"
},
{
"name": "openstack-horizon-xss(76136)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/76136"
},
{
"name": "81742",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81742"
},
{
"name": "USN-1439-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-1439-1"
},
{
"name": "https://bugs.launchpad.net/horizon/+bug/977944",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/horizon/+bug/977944"
},
{
"name": "49071",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49071"
},
{
"name": "FEDORA-2012-6108",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079160.html"
},
{
"name": "[openstack] 20120417 [OSSA 2012-004] XSS vulnerability in Horizon log viewer",
"refsource": "MLIST",
"url": "https://lists.launchpad.net/openstack/msg10211.html"
},
{
"name": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942",
"refsource": "CONFIRM",
"url": "https://github.com/openstack/horizon/commit/7f8c788aa70db98ac904f37fa4197fcabb802942"
}
]
}
}

150
2012/2xxx/CVE-2012-2696.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2012:1506",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1506.html"
},
{
"name" : "56825",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56825"
},
{
"name" : "1027838",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027838"
},
{
"name" : "enterprise-system-backend-sec-bypass(80545)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/80545"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1 does not properly check privileges, which allows remote authenticated users to query arbitrary information via a (1) SOAP or (2) GWT request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56825",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56825"
},
{
"name": "RHSA-2012:1506",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1506.html"
},
{
"name": "enterprise-system-backend-sec-bypass(80545)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80545"
},
{
"name": "1027838",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027838"
}
]
}
}

130
2012/2xxx/CVE-2012-2773.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2773",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2773",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "https://www.ffmpeg.org/security.html"
},
{
"name" : "100274",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/100274"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact and attack vectors, a different vulnerability than CVE-2012-2771, CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100274",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100274"
},
{
"name": "https://www.ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "https://www.ffmpeg.org/security.html"
}
]
}
}

210
2012/2xxx/CVE-2012-2800.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2800",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the \"tile size ... mismatches parameters\" and triggers \"writing into a too small array.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/31/3"
},
{
"name" : "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/09/02/4"
},
{
"name" : "http://ffmpeg.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://ffmpeg.org/security.html"
},
{
"name" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7",
"refsource" : "CONFIRM",
"url" : "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7"
},
{
"name" : "http://libav.org/releases/libav-0.7.7.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.7.7.changelog"
},
{
"name" : "http://libav.org/releases/libav-0.8.4.changelog",
"refsource" : "CONFIRM",
"url" : "http://libav.org/releases/libav-0.8.4.changelog"
},
{
"name" : "MDVSA-2013:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name" : "55355",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55355"
},
{
"name" : "50468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50468"
},
{
"name" : "51257",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51257"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the ff_ivi_process_empty_tile function in libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in which the \"tile size ... mismatches parameters\" and triggers \"writing into a too small array.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120902 Re: Information on security issues fixed in ffmpeg 0.11?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/09/02/4"
},
{
"name": "http://libav.org/releases/libav-0.8.4.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.8.4.changelog"
},
{
"name": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7",
"refsource": "CONFIRM",
"url": "http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f0bf9e9c2a65e9a2b9d9e4e94f99acb191dc7ae7"
},
{
"name": "55355",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55355"
},
{
"name": "MDVSA-2013:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:079"
},
{
"name": "[oss-security] 20120831 Information on security issues fixed in ffmpeg 0.11?",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/31/3"
},
{
"name": "http://ffmpeg.org/security.html",
"refsource": "CONFIRM",
"url": "http://ffmpeg.org/security.html"
},
{
"name": "http://libav.org/releases/libav-0.7.7.changelog",
"refsource": "CONFIRM",
"url": "http://libav.org/releases/libav-0.7.7.changelog"
},
{
"name": "50468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50468"
},
{
"name": "51257",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51257"
}
]
}
}

140
2012/2xxx/CVE-2012-2853.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2853",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=134101",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=134101"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html"
},
{
"name" : "oval:org.mitre.oval:def:15439",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15439"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before 21.0.1180.60 on Windows and Chrome Frame, does not properly interact with the Chrome Web Store, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://code.google.com/p/chromium/issues/detail?id=134101",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=134101"
},
{
"name": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/07/stable-channel-release.html"
},
{
"name": "oval:org.mitre.oval:def:15439",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15439"
}
]
}
}

190
2012/2xxx/CVE-2012-2921.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2921",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2921",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://freecode.com/projects/feedparser/releases/344371",
"refsource" : "CONFIRM",
"url" : "http://freecode.com/projects/feedparser/releases/344371"
},
{
"name" : "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706"
},
{
"name" : "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py"
},
{
"name" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157",
"refsource" : "CONFIRM",
"url" : "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157"
},
{
"name" : "MDVSA-2013:118",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:118"
},
{
"name" : "53654",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53654"
},
{
"name" : "81701",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81701"
},
{
"name" : "49256",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49256"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII encoded document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81701",
"refsource": "OSVDB",
"url": "http://osvdb.org/81701"
},
{
"name": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/feedparser/source/browse/trunk/NEWS?spec=svn706&r=706"
},
{
"name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157",
"refsource": "CONFIRM",
"url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0157"
},
{
"name": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py"
},
{
"name": "53654",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53654"
},
{
"name": "MDVSA-2013:118",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:118"
},
{
"name": "http://freecode.com/projects/feedparser/releases/344371",
"refsource": "CONFIRM",
"url": "http://freecode.com/projects/feedparser/releases/344371"
},
{
"name": "49256",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49256"
}
]
}
}

34
2012/2xxx/CVE-2012-2951.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2951",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6587. Reason: This candidate is a duplicate of CVE-2007-6587. Notes: All CVE users should reference CVE-2007-6587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-2951",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6587. Reason: This candidate is a duplicate of CVE-2007-6587. Notes: All CVE users should reference CVE-2007-6587 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

34
2012/6xxx/CVE-2012-6267.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6267",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6267",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

34
2012/6xxx/CVE-2012-6404.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6404",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6404",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

150
2015/1xxx/CVE-2015-1132.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1132",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-1132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT204659",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT204659"
},
{
"name" : "APPLE-SA-2015-04-08-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
},
{
"name" : "73982",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73982"
},
{
"name" : "1032048",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/HT204659",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204659"
},
{
"name": "73982",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73982"
},
{
"name": "1032048",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032048"
},
{
"name": "APPLE-SA-2015-04-08-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html"
}
]
}
}

260
2015/1xxx/CVE-2015-1210.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"
},
{
"name" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=453979",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=453979"
},
{
"name" : "https://src.chromium.org/viewvc/blink?revision=189365&view=revision",
"refsource" : "CONFIRM",
"url" : "https://src.chromium.org/viewvc/blink?revision=189365&view=revision"
},
{
"name" : "GLSA-201502-13",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name" : "RHSA-2015:0163",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0163.html"
},
{
"name" : "openSUSE-SU-2015:0441",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name" : "USN-2495-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2495-1"
},
{
"name" : "72497",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72497"
},
{
"name" : "1031709",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031709"
},
{
"name" : "62670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62670"
},
{
"name" : "62818",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62818"
},
{
"name" : "62917",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62917"
},
{
"name" : "62925",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62925"
},
{
"name" : "google-chrome-cve20151210-sec-bypass(100716)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100716"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "72497",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72497"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"
},
{
"name": "62818",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62818"
},
{
"name": "62925",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62925"
},
{
"name": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"
},
{
"name": "GLSA-201502-13",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"
},
{
"name": "62917",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62917"
},
{
"name": "https://code.google.com/p/chromium/issues/detail?id=453979",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=453979"
},
{
"name": "RHSA-2015:0163",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"
},
{
"name": "62670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62670"
},
{
"name": "1031709",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031709"
},
{
"name": "openSUSE-SU-2015:0441",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"
},
{
"name": "google-chrome-cve20151210-sec-bypass(100716)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100716"
},
{
"name": "USN-2495-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2495-1"
},
{
"name": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision",
"refsource": "CONFIRM",
"url": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision"
}
]
}
}

120
2015/1xxx/CVE-2015-1599.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1599",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Siemens SPCanywhere application for iOS allows physically proximate attackers to bypass intended access restrictions by leveraging a filesystem architectural error."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf",
"refsource": "CONFIRM",
"url": "http://www.siemens.com/innovation/pool/de/forschungsfelder/siemens_security_advisory_ssa-185226.pdf"
}
]
}
}

140
2015/1xxx/CVE-2015-1900.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1900",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1900",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902280",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902280"
},
{
"name" : "JR52770",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52770"
},
{
"name" : "75481",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75481"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 on UNIX allows local users to write to executable files, and consequently obtain root privileges, via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902280",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902280"
},
{
"name": "75481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75481"
},
{
"name": "JR52770",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52770"
}
]
}
}

130
2015/5xxx/CVE-2015-5039.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-5039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21976566",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name" : "ibm-clearcase-cve20155039-mitm(106715)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Remote Client and change management integrations in IBM Rational ClearCase 7.1.x, 8.0.0.x before 8.0.0.18, and 8.0.1.x before 8.0.1.11 do not properly validate hostnames in X.509 certificates from SSL servers, which allows remote attackers to spoof servers and obtain sensitive information or modify network traffic via a crafted certificate. IBM X-Force ID: 106715."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21976566"
},
{
"name": "ibm-clearcase-cve20155039-mitm(106715)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/106715"
}
]
}
}

150
2015/5xxx/CVE-2015-5145.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5145",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5145",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/",
"refsource" : "CONFIRM",
"url" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/"
},
{
"name" : "GLSA-201510-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201510-06"
},
{
"name" : "75691",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75691"
},
{
"name" : "1032820",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032820"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "validators.URLValidator in Django 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201510-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-06"
},
{
"name": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/"
},
{
"name": "75691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75691"
},
{
"name": "1032820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032820"
}
]
}
}

150
2015/5xxx/CVE-2015-5265.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5265",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5265",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150921 Moodle security release",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/09/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=320289",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=320289"
},
{
"name" : "1033619",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033619"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 does not consider the mod/wiki:managefiles capability before authorizing file management, which allows remote authenticated users to delete arbitrary files by using a manage-files button in a text editor."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371"
},
{
"name": "[oss-security] 20150921 Moodle security release",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/1"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=320289",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=320289"
},
{
"name": "1033619",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033619"
}
]
}
}

210
2015/5xxx/CVE-2015-5291.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5291",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5291",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf",
"refsource" : "MISC",
"url" : "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
},
{
"name" : "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/",
"refsource" : "MISC",
"url" : "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
},
{
"name" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01",
"refsource" : "CONFIRM",
"url" : "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
},
{
"name" : "DSA-3468",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3468"
},
{
"name" : "FEDORA-2015-30a417bea9",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
},
{
"name" : "FEDORA-2015-7f939b3af5",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html"
},
{
"name" : "FEDORA-2015-e22bb33731",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html"
},
{
"name" : "GLSA-201706-18",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201706-18"
},
{
"name" : "openSUSE-SU-2015:2371",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html"
},
{
"name" : "openSUSE-SU-2015:2257",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3468",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3468"
},
{
"name": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf",
"refsource": "MISC",
"url": "https://guidovranken.files.wordpress.com/2015/10/cve-2015-5291.pdf"
},
{
"name": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/",
"refsource": "MISC",
"url": "https://guidovranken.wordpress.com/2015/10/07/cve-2015-5291/"
},
{
"name": "FEDORA-2015-30a417bea9",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169625.html"
},
{
"name": "FEDORA-2015-e22bb33731",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/170317.html"
},
{
"name": "FEDORA-2015-7f939b3af5",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169765.html"
},
{
"name": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01",
"refsource": "CONFIRM",
"url": "https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01"
},
{
"name": "openSUSE-SU-2015:2257",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00013.html"
},
{
"name": "GLSA-201706-18",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201706-18"
},
{
"name": "openSUSE-SU-2015:2371",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00119.html"
}
]
}
}

150
2015/5xxx/CVE-2015-5749.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5749",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5749",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/kb/HT205030",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/kb/HT205030"
},
{
"name" : "APPLE-SA-2015-08-13-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
},
{
"name" : "76337",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76337"
},
{
"name" : "1033275",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033275"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sandbox_profiles component in Apple iOS before 8.4.1 allows attackers to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences via a crafted app."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "76337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76337"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
}
]
}
}

140
2018/11xxx/CVE-2018-11262.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Calculation of Buffer Size in Boot"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin"
},
{
"name" : "106949",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106949"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out total number of partition via a non zero check, there could be possibility where the 'TotalPart' could cross 'GptHeader->MaxPtCnt' and which could result in OOB write in patching GPT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Calculation of Buffer Size in Boot"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/08/06/august-2018-code-aurora-security-bulletin"
},
{
"name": "106949",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106949"
},
{
"name": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=29ab5eb75bc9ed01466ab1a98e932e59fe27ad42"
}
]
}
}

170
2018/11xxx/CVE-2018-11759.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2018-11759",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Tomcat Connectors",
"version" : {
"version_data" : [
{
"version_value" : "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Tomcat Connectors",
"version": {
"version_data": [
{
"version_value": "Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"name" : "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E",
"refsource" : "MISC",
"url" : "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E"
},
{
"name" : "DSA-4357",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4357"
},
{
"name" : "RHSA-2019:0366",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0366"
},
{
"name" : "RHSA-2019:0367",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name" : "105888",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105888"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Apache Web Server (httpd) specific code that normalised the requested path before matching it to the URI-worker map in Apache Tomcat JK (mod_jk) Connector 1.2.0 to 1.2.44 did not handle some edge cases correctly. If only a sub-set of the URLs supported by Tomcat were exposed via httpd, then it was possible for a specially constructed request to expose application functionality through the reverse proxy that was not intended for clients accessing the application via the reverse proxy. It was also possible in some configurations for a specially constructed request to bypass the access controls configured in httpd. While there is some overlap between this issue and CVE-2018-1323, they are not identical."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4357",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4357"
},
{
"name": "RHSA-2019:0367",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0367"
},
{
"name": "105888",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105888"
},
{
"name": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/6d564bb0ab73d6b3efdd1d6b1c075d1a2c84ecd84a4159d6122529ad@%3Cannounce.tomcat.apache.org%3E"
},
{
"name": "[debian-lts-announce] 20181217 [SECURITY] [DLA 1609-1] libapache-mod-jk security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/12/msg00007.html"
},
{
"name": "RHSA-2019:0366",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:0366"
}
]
}
}

130
2018/11xxx/CVE-2018-11823.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11823",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power module."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=4519cc36b1a396dc55c9b43ab6e8736ae4a6f4cf",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=4519cc36b1a396dc55c9b43ab6e8736ae4a6f4cf"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, freeing device memory in driver probe failure will result in double free issue in power module."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=4519cc36b1a396dc55c9b43ab6e8736ae4a6f4cf",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=4519cc36b1a396dc55c9b43ab6e8736ae4a6f4cf"
},
{
"name": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/11/05/november-2018-code-aurora-forum-security-bulletin"
}
]
}
}

178
2018/15xxx/CVE-2018-15449.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2018-11-07T16:00:00-0600",
"ID" : "CVE-2018-15449",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Video Surveillance Media Server Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Video Surveillance Media Server Software ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "4.3",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2018-11-07T16:00:00-0600",
"ID": "CVE-2018-15449",
"STATE": "PUBLIC",
"TITLE": "Cisco Video Surveillance Media Server Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Video Surveillance Media Server Software ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181107 Cisco Video Surveillance Media Server Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vsms-dos"
},
{
"name" : "105863",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105863"
}
]
},
"source" : {
"advisory" : "cisco-sa-20181107-vsms-dos",
"defect" : [
[
"CSCvm36780"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to cause the web-based management interface to become unreachable, resulting in a DoS condition."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105863",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105863"
},
{
"name": "20181107 Cisco Video Surveillance Media Server Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-vsms-dos"
}
]
},
"source": {
"advisory": "cisco-sa-20181107-vsms-dos",
"defect": [
[
"CSCvm36780"
]
],
"discovery": "INTERNAL"
}
}

34
2018/3xxx/CVE-2018-3532.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3532",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3532",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/3xxx/CVE-2018-3684.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2018-3684",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Quartus II",
"version" : {
"version_data" : [
{
"version_value" : "15.0"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3684",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Quartus II",
"version": {
"version_data": [
{
"version_value": "15.0"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted service paths in Intel Quartus II in versions 11.0 - 15.0 allow a local attacker to potentially execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00151.html"
}
]
}
}

122
2018/7xxx/CVE-2018-7771.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"DATE_PUBLIC" : "2018-04-05T00:00:00",
"ID" : "CVE-2018-7771",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "U.Motion",
"version" : {
"version_data" : [
{
"version_value" : "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-04-05T00:00:00",
"ID": "CVE-2018-7771",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "U.Motion",
"version": {
"version_data": [
{
"version_value": "U.motion Builder Software, all versions prior to v1.3.4"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The vulnerability exists within processing of editscript.php in Schneider Electric U.motion Builder software versions prior to v1.3.4. A directory traversal vulnerability allows a caller with standard user privileges to write arbitrary php files anywhere in the web service directory tree."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-095-01/"
}
]
}
}

34
2018/8xxx/CVE-2018-8093.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8093",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8093",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/8xxx/CVE-2018-8100.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8100",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652",
"refsource" : "MISC",
"url" : "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652",
"refsource": "MISC",
"url": "https://forum.xpdfreader.com/viewtopic.php?f=3&t=652"
}
]
}
}

170
2018/8xxx/CVE-2018-8151.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8151",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Exchange Server",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 3 Update Rollup 21"
},
{
"version_value" : "2013 Cumulative Update 19"
},
{
"version_value" : "2013 Cumulative Update 20"
},
{
"version_value" : "2013 Service Pack 1"
},
{
"version_value" : "2016 Cumulative Update 8"
},
{
"version_value" : "2016 Cumulative Update 9"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8151",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Exchange Server",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 3 Update Rollup 21"
},
{
"version_value": "2013 Cumulative Update 19"
},
{
"version_value": "2013 Cumulative Update 20"
},
{
"version_value": "2013 Service Pack 1"
},
{
"version_value": "2016 Cumulative Update 8"
},
{
"version_value": "2016 Cumulative Update 9"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8151",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8151"
},
{
"name" : "104042",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104042"
},
{
"name" : "1040850",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Exchange improperly handles objects in memory, aka \"Microsoft Exchange Memory Corruption Vulnerability.\" This affects Microsoft Exchange Server. This CVE ID is unique from CVE-2018-8154."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104042",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104042"
},
{
"name": "1040850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040850"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8151",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8151"
}
]
}
}

34
2018/8xxx/CVE-2018-8884.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8884",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8884",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}