admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:07:34 +00:00
parent e0c4eeb0a0
commit 759f16aedf
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
66 changed files with 4802 additions and 4802 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0364.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0364",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990204 Microsoft Access 97 Stores Database Password as Plaintext",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=91816470220259&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Access 97 stores a database password as plaintext in a foreign mdb, allowing access to data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990204 Microsoft Access 97 Stores Database Password as Plaintext",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=91816470220259&w=2"
}
]
}
}

130
1999/0xxx/CVE-1999-0381.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0381",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990225 SUPER buffer overflow",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.990225011801.12757A-100000@eleet"
},
{
"name" : "342",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/342"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990225 SUPER buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.990225011801.12757A-100000@eleet"
},
{
"name": "342",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/342"
}
]
}
}

140
1999/1xxx/CVE-1999-1027.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1027",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1027",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980507 admintool mode 0777 in Solaris 2.6 HW3/98",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=90221101925880&w=2"
},
{
"name" : "solaris-admintool-world-writable(7296)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/7296"
},
{
"name" : "290",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/290"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "solaris-admintool-world-writable(7296)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7296"
},
{
"name": "290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/290"
},
{
"name": "19980507 admintool mode 0777 in Solaris 2.6 HW3/98",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90221101925880&w=2"
}
]
}
}

170
1999/1xxx/CVE-1999-1120.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1120",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19970104 Irix: netprint story",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=87602167420403&w=2"
},
{
"name" : "19961203-01-PX",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX"
},
{
"name" : "19961203-02-PX",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX"
},
{
"name" : "395",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/395"
},
{
"name" : "993",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/993"
},
{
"name" : "sgi-netprint(2107)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2107"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19970104 Irix: netprint story",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=87602167420403&w=2"
},
{
"name": "993",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/993"
},
{
"name": "395",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/395"
},
{
"name": "sgi-netprint(2107)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2107"
},
{
"name": "19961203-02-PX",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX"
},
{
"name": "19961203-01-PX",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX"
}
]
}
}

150
1999/1xxx/CVE-1999-1365.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1365",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=93069418400856&w=2"
},
{
"name" : "19990630 Update: NT runs explorer.exe, etc...",
"refsource" : "NTBUGTRAQ",
"url" : "http://marc.info/?l=ntbugtraq&m=93127894731200&w=2"
},
{
"name" : "nt-login-default-folder(2336)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/2336"
},
{
"name" : "515",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/515"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "515",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/515"
},
{
"name": "19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=93069418400856&w=2"
},
{
"name": "19990630 Update: NT runs explorer.exe, etc...",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq&m=93127894731200&w=2"
},
{
"name": "nt-login-default-folder(2336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2336"
}
]
}
}

130
1999/1xxx/CVE-1999-1434.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1434",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1434",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980713 Slackware Shadow Insecurity",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=90221104525951&w=2"
},
{
"name" : "155",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/155"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "login in Slackware Linux 3.2 through 3.5 does not properly check for an error when the /etc/group file is missing, which prevents it from dropping privileges, causing it to assign root privileges to any local user who logs on to the server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/155"
},
{
"name": "19980713 Slackware Shadow Insecurity",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=90221104525951&w=2"
}
]
}
}

130
2000/0xxx/CVE-2000-0071.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0071",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0071",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000111 IIS still revealing paths for web directories",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=94770020309953&w=2"
},
{
"name" : "20000113 SV: IIS still revealing paths for web directories",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=94780058006791&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000113 SV: IIS still revealing paths for web directories",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=94780058006791&w=2"
},
{
"name": "20000111 IIS still revealing paths for web directories",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=94770020309953&w=2"
}
]
}
}

150
2000/0xxx/CVE-2000-0332.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0332",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000502 Fun with UltraBoard V1.6X",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com"
},
{
"name" : "1164",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1164"
},
{
"name" : "1309",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/1309"
},
{
"name" : "4065",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4065"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4065",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4065"
},
{
"name": "1309",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/1309"
},
{
"name": "20000502 Fun with UltraBoard V1.6X",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com"
},
{
"name": "1164",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1164"
}
]
}
}

200
2000/0xxx/CVE-2000-0594.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0594",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0594",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000704 BitchX /ignore bug",
"refsource" : "VULN-DEV",
"url" : "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html"
},
{
"name" : "20000704 BitchX exploit possibly waiting to happen, certain DoS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html"
},
{
"name" : "RHSA-2000:042",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2000-042.html"
},
{
"name" : "FreeBSD-SA-00:32",
"refsource" : "FREEBSD",
"url" : "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html"
},
{
"name" : "CSSA-2000-022.0",
"refsource" : "CALDERA",
"url" : "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt"
},
{
"name" : "20000707 BitchX update",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html"
},
{
"name" : "20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html"
},
{
"name" : "1436",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1436"
},
{
"name" : "irc-bitchx-invite-dos(4897)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:32",
"refsource": "FREEBSD",
"url": "http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html"
},
{
"name": "20000707 BitchX update",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html"
},
{
"name": "RHSA-2000:042",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-042.html"
},
{
"name": "CSSA-2000-022.0",
"refsource": "CALDERA",
"url": "http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt"
},
{
"name": "1436",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1436"
},
{
"name": "irc-bitchx-invite-dos(4897)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4897"
},
{
"name": "20000704 BitchX exploit possibly waiting to happen, certain DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html"
},
{
"name": "20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html"
},
{
"name": "20000704 BitchX /ignore bug",
"refsource": "VULN-DEV",
"url": "http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html"
}
]
}
}

150
2000/0xxx/CVE-2000-0640.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0640",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0640",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html"
},
{
"name" : "1452",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1452"
},
{
"name" : "guild-ftpd-disclosure(4922)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/4922"
},
{
"name" : "573",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/573"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html"
},
{
"name": "1452",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1452"
},
{
"name": "guild-ftpd-disclosure(4922)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/4922"
},
{
"name": "573",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/573"
}
]
}
}

130
2000/0xxx/CVE-2000-0659.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0659",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000724 AnalogX Proxy DoS",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html"
},
{
"name" : "1504",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1504"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote attackers to cause a denial of service via a long user ID in a SOCKS4 CONNECT request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000724 AnalogX Proxy DoS",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-07/0360.html"
},
{
"name": "1504",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1504"
}
]
}
}

130
2000/0xxx/CVE-2000-0714.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0714",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0714",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "RHSA-2000:047",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2000-047.html"
},
{
"name" : "1551",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1551"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2000:047",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2000-047.html"
},
{
"name": "1551",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1551"
}
]
}
}

140
2000/0xxx/CVE-2000-0809.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-0809",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer",
"refsource" : "CONFIRM",
"url" : "http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer"
},
{
"name" : "fw1-getkey-bo(5139)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/5139"
},
{
"name" : "4422",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/4422"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4422",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4422"
},
{
"name": "http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer",
"refsource": "CONFIRM",
"url": "http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer"
},
{
"name": "fw1-getkey-bo(5139)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5139"
}
]
}
}

140
2000/1xxx/CVE-2000-1035.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1035",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER, PASS, or CWD command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20000912 TYPSoft FTP Server remote DoS Problem",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=96879389027478&w=2"
},
{
"name" : "http://www.synnergy.net/Archives/Advisories/dethy/typsoft-ftpd.txt",
"refsource" : "MISC",
"url" : "http://www.synnergy.net/Archives/Advisories/dethy/typsoft-ftpd.txt"
},
{
"name" : "1690",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/1690"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER, PASS, or CWD command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.synnergy.net/Archives/Advisories/dethy/typsoft-ftpd.txt",
"refsource": "MISC",
"url": "http://www.synnergy.net/Archives/Advisories/dethy/typsoft-ftpd.txt"
},
{
"name": "1690",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1690"
},
{
"name": "20000912 TYPSoft FTP Server remote DoS Problem",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=96879389027478&w=2"
}
]
}
}

120
2000/1xxx/CVE-2000-1154.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2000-1154",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1154",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20001113 beos vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows remote attackers to cause a denial of service via long HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001113 beos vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-11/0203.html"
}
]
}
}

230
2005/2xxx/CVE-2005-2044.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2044",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2044",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html"
},
{
"name" : "13972",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13972"
},
{
"name" : "17351",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17351"
},
{
"name" : "17352",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17352"
},
{
"name" : "17353",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17353"
},
{
"name" : "17354",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17354"
},
{
"name" : "17355",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17355"
},
{
"name" : "17356",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17356"
},
{
"name" : "17357",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17357"
},
{
"name" : "17358",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17358"
},
{
"name" : "17359",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/17359"
},
{
"name" : "1014216",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter to inbox/send_message.php, the (5) search, (6) words, (7) include, (8) find_in, (9) display_as, or (10) search parameter to search.php, the (11) submit, (12) query, or (13) field parameter to tile.php, the (14) us parameter to forum/subscribe_forum.php, or the (15) roles[], (16) status, (17) submit, or (18) reset_filter parameters to directory.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014216",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014216"
},
{
"name": "17356",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17356"
},
{
"name": "17351",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17351"
},
{
"name": "17354",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17354"
},
{
"name": "17355",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17355"
},
{
"name": "17359",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17359"
},
{
"name": "17358",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17358"
},
{
"name": "17352",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17352"
},
{
"name": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2005/06/atutor-multiple-variable-cross-site.html"
},
{
"name": "13972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13972"
},
{
"name": "17353",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17353"
},
{
"name": "17357",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/17357"
}
]
}
}

200
2005/2xxx/CVE-2005-2693.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2693",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-802",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-802"
},
{
"name" : "DSA-806",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-806"
},
{
"name" : "FreeBSD-SA-05:20",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"name" : "RHSA-2005:756",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"name" : "oval:org.mitre.oval:def:10835",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
},
{
"name" : "ADV-2005-1667",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1667"
},
{
"name" : "1014857",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014857"
},
{
"name" : "16765",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16765"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-1667",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1667"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166366"
},
{
"name": "FreeBSD-SA-05:20",
"refsource": "FREEBSD",
"url": "ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:20.cvsbug.asc"
},
{
"name": "RHSA-2005:756",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-756.html"
},
{
"name": "16765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16765"
},
{
"name": "1014857",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014857"
},
{
"name": "DSA-802",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-802"
},
{
"name": "DSA-806",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-806"
},
{
"name": "oval:org.mitre.oval:def:10835",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10835"
}
]
}
}

190
2005/2xxx/CVE-2005-2716.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2716",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2716",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050826 DMA[2005-0826a] - 'Nokia Affix Bluetooth btsrv poor use of popen()'",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112511370326063&w=2"
},
{
"name" : "http://www.digitalmunition.com/DMA%5B2005-0826a%5D.txt",
"refsource" : "MISC",
"url" : "http://www.digitalmunition.com/DMA%5B2005-0826a%5D.txt"
},
{
"name" : "http://affix.sourceforge.net/patch_btsrv_affix_3_2_0",
"refsource" : "CONFIRM",
"url" : "http://affix.sourceforge.net/patch_btsrv_affix_3_2_0"
},
{
"name" : "http://affix.sourceforge.net/patch_btsrv_affix_2_1_2",
"refsource" : "CONFIRM",
"url" : "http://affix.sourceforge.net/patch_btsrv_affix_2_1_2"
},
{
"name" : "DSA-796",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-796"
},
{
"name" : "14672",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14672"
},
{
"name" : "16574",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16574/"
},
{
"name" : "nokia-devicename-command-execution(22034)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22034"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The event_pin_code_request function in the btsrv daemon (btsrv.c) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in a Bluetooth device name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-796",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-796"
},
{
"name": "http://affix.sourceforge.net/patch_btsrv_affix_3_2_0",
"refsource": "CONFIRM",
"url": "http://affix.sourceforge.net/patch_btsrv_affix_3_2_0"
},
{
"name": "14672",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14672"
},
{
"name": "http://affix.sourceforge.net/patch_btsrv_affix_2_1_2",
"refsource": "CONFIRM",
"url": "http://affix.sourceforge.net/patch_btsrv_affix_2_1_2"
},
{
"name": "16574",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16574/"
},
{
"name": "http://www.digitalmunition.com/DMA%5B2005-0826a%5D.txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA%5B2005-0826a%5D.txt"
},
{
"name": "nokia-devicename-command-execution(22034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22034"
},
{
"name": "20050826 DMA[2005-0826a] - 'Nokia Affix Bluetooth btsrv poor use of popen()'",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112511370326063&w=2"
}
]
}
}

120
2005/2xxx/CVE-2005-2862.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050902 (Annex A) ADSL Road Runner Exploit Description & Theory",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112607274800750&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050902 (Annex A) ADSL Road Runner Exploit Description & Theory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112607274800750&w=2"
}
]
}
}

140
2005/2xxx/CVE-2005-2962.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-2962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-830",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-830"
},
{
"name" : "16700",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16700"
},
{
"name" : "17017",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17017"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-830",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-830"
},
{
"name": "17017",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17017"
},
{
"name": "16700",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16700"
}
]
}
}

180
2005/3xxx/CVE-2005-3660.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3660",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3660",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051222 Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=362"
},
{
"name" : "16041",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16041"
},
{
"name" : "ADV-2005-3076",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3076"
},
{
"name" : "1015402",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015402"
},
{
"name" : "18205",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18205"
},
{
"name" : "291",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/291"
},
{
"name" : "kernel-socket-dos(23835)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23835"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service (memory exhaustion and panic) by creating a large number of connected file descriptors or socketpairs and setting a large data transfer buffer, then preventing Linux from being able to finish the transfer by causing the process to become a zombie, or closing the file descriptor without closing an associated reference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "291",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/291"
},
{
"name": "16041",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16041"
},
{
"name": "20051222 Linux Kernel Socket Buffer Memory Exhaustion DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=362"
},
{
"name": "ADV-2005-3076",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3076"
},
{
"name": "1015402",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015402"
},
{
"name": "kernel-socket-dos(23835)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23835"
},
{
"name": "18205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18205"
}
]
}
}

210
2005/3xxx/CVE-2005-3682.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3682",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051112 Multible Sql injections in Wizz Forum",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113201564319843&w=2"
},
{
"name" : "15410",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15410/references"
},
{
"name" : "ADV-2005-2421",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2421"
},
{
"name" : "20845",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20845"
},
{
"name" : "20846",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20846"
},
{
"name" : "20847",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20847"
},
{
"name" : "17548",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17548/"
},
{
"name" : "181",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/181"
},
{
"name" : "wizz-forumauthdetails-sql-injection(23170)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23170"
},
{
"name" : "wizz-topicid-sql-injection(23171)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23171"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote attackers to execute arbitrary SQL commands via (1) the AuthID parameter in ForumAuthDetails.php, and the TopicID parameter in (2) ForumTopicDetails.php and (3) ForumReply.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20846",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20846"
},
{
"name": "wizz-forumauthdetails-sql-injection(23170)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23170"
},
{
"name": "181",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/181"
},
{
"name": "ADV-2005-2421",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2421"
},
{
"name": "20051112 Multible Sql injections in Wizz Forum",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113201564319843&w=2"
},
{
"name": "20845",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20845"
},
{
"name": "wizz-topicid-sql-injection(23171)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23171"
},
{
"name": "15410",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15410/references"
},
{
"name": "17548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17548/"
},
{
"name": "20847",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20847"
}
]
}
}

370
2007/5xxx/CVE-2007-5849.json
View File

@ -1,187 +1,187 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5849",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5849",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=307179",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=201570",
"refsource" : "CONFIRM",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=201570"
},
{
"name" : "http://www.cups.org/str.php?L2589",
"refsource" : "CONFIRM",
"url" : "http://www.cups.org/str.php?L2589"
},
{
"name" : "APPLE-SA-2007-12-17",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name" : "DSA-1437",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2007/dsa-1437"
},
{
"name" : "FEDORA-2008-0322",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00908.html"
},
{
"name" : "GLSA-200712-14",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml"
},
{
"name" : "MDVSA-2008:036",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2008:036"
},
{
"name" : "SUSE-SA:2008:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html"
},
{
"name" : "SUSE-SR:2008:002",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name" : "USN-563-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-563-1"
},
{
"name" : "TA07-352A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name" : "26917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26917"
},
{
"name" : "26910",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26910"
},
{
"name" : "ADV-2007-4238",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name" : "ADV-2007-4242",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4242"
},
{
"name" : "28113",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28113"
},
{
"name" : "28136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28136"
},
{
"name" : "28129",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28129"
},
{
"name" : "28200",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28200"
},
{
"name" : "28386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28386"
},
{
"name" : "28441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28441"
},
{
"name" : "28636",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28636"
},
{
"name" : "28676",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28676"
},
{
"name" : "macos-snmp-bo(39097)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39097"
},
{
"name" : "cups-asn1getstring-bo(39101)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39101"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cups.org/str.php?L2589",
"refsource": "CONFIRM",
"url": "http://www.cups.org/str.php?L2589"
},
{
"name": "cups-asn1getstring-bo(39101)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39101"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "28129",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28129"
},
{
"name": "SUSE-SR:2008:002",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/suse_security_summary_report.html"
},
{
"name": "28441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28441"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "28113",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28113"
},
{
"name": "28200",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28200"
},
{
"name": "USN-563-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-563-1"
},
{
"name": "GLSA-200712-14",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200712-14.xml"
},
{
"name": "26910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26910"
},
{
"name": "SUSE-SA:2008:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00003.html"
},
{
"name": "FEDORA-2008-0322",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00908.html"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "28676",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28676"
},
{
"name": "DSA-1437",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1437"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name": "28386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28386"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=201570",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=201570"
},
{
"name": "MDVSA-2008:036",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:036"
},
{
"name": "28636",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28636"
},
{
"name": "macos-snmp-bo(39097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39097"
},
{
"name": "ADV-2007-4242",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4242"
},
{
"name": "26917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26917"
}
]
}
}

190
2007/5xxx/CVE-2007-5850.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5850",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5850",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=307179",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=307179"
},
{
"name" : "APPLE-SA-2007-12-17",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name" : "TA07-352A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name" : "26910",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/26910"
},
{
"name" : "ADV-2007-4238",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name" : "1019106",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1019106"
},
{
"name" : "28136",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/28136"
},
{
"name" : "macos-desktop-services-bo(39098)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/39098"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Desktop Services in Apple Mac OS X 10.4.11 allows user-assisted attackers to execute arbitrary code via a directory with a crafted .DS_Store file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "macos-desktop-services-bo(39098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39098"
},
{
"name": "ADV-2007-4238",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4238"
},
{
"name": "TA07-352A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA07-352A.html"
},
{
"name": "28136",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28136"
},
{
"name": "26910",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26910"
},
{
"name": "1019106",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019106"
},
{
"name": "APPLE-SA-2007-12-17",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307179",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307179"
}
]
}
}

170
2009/2xxx/CVE-2009-2049.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090729 Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080aea4c9.shtml"
},
{
"name" : "35860",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35860"
},
{
"name" : "oval:org.mitre.oval:def:6853",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6853"
},
{
"name" : "1022619",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022619"
},
{
"name" : "36046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36046"
},
{
"name" : "ADV-2009-2082",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through 12.0(33)S4, 12.0(32)SY8 through 12.0(32)SY9, 12.2(33)SXI1 through 12.2(33)SXI2, 12.2XNC before 12.2(33)XNC2, 12.2XND before 12.2(33)XND1, and 12.4(24)T1; and IOS XE 2.3 through 2.3.1t and 2.4 through 2.4.0; when RFC4893 BGP routing is enabled, allows remote attackers to cause a denial of service (device reload) by using an RFC4271 peer to send a malformed update, aka Bug ID CSCta33973."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20090729 Cisco IOS Software Border Gateway Protocol 4-Byte Autonomous System Number Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080aea4c9.shtml"
},
{
"name": "oval:org.mitre.oval:def:6853",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6853"
},
{
"name": "36046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36046"
},
{
"name": "ADV-2009-2082",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2082"
},
{
"name": "1022619",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022619"
},
{
"name": "35860",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35860"
}
]
}
}

170
2009/2xxx/CVE-2009-2159.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2159",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2159",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504294/100/0/threaded"
},
{
"name" : "8958",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8958"
},
{
"name" : "http://www.waraxe.us/advisory-74.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-74.html"
},
{
"name" : "35369",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35369"
},
{
"name" : "35456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35456"
},
{
"name" : "torrenttrader-backupdatabase-info-disc(51147)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51147"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "backup-database.php in TorrentTrader Classic 1.09 does not require administrative authentication, which allows remote attackers to create and download a backup database by making a direct request and then retrieving a .gz file from backups/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35456"
},
{
"name": "torrenttrader-backupdatabase-info-disc(51147)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51147"
},
{
"name": "35369",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35369"
},
{
"name": "8958",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8958"
},
{
"name": "20090615 [waraxe-2009-SA#074] - Multiple Vulnerabilities in TorrentTrader Classic 1.09",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504294/100/0/threaded"
},
{
"name": "http://www.waraxe.us/advisory-74.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-74.html"
}
]
}
}

150
2009/2xxx/CVE-2009-2648.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2648",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2648",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/flashden-disclose.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/flashden-disclose.txt"
},
{
"name" : "56548",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/56548"
},
{
"name" : "36000",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36000"
},
{
"name" : "flashdenguestbook-phpinfo-info-disclosure(52001)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36000"
},
{
"name": "flashdenguestbook-phpinfo-info-disclosure(52001)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52001"
},
{
"name": "56548",
"refsource": "OSVDB",
"url": "http://osvdb.org/56548"
},
{
"name": "http://packetstormsecurity.org/0907-exploits/flashden-disclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/flashden-disclose.txt"
}
]
}
}

270
2009/2xxx/CVE-2009-2879.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2879",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2009-2879",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.fortiguard.com/advisory/FGA-2009-48.html",
"refsource" : "MISC",
"url" : "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name" : "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html",
"refsource" : "MISC",
"url" : "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html"
},
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name" : "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
},
{
"name" : "37352",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37352"
},
{
"name" : "61129",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/61129"
},
{
"name" : "1023360",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023360"
},
{
"name" : "37810",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37810"
},
{
"name" : "ADV-2009-3574",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name" : "cisco-webex-wrf-bo(54841)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x before 26.49.32 (aka T26SP49EP32) for Windows, 27.x before 27.10.x (aka T27SP10) for Windows, 26.x before 26.49.35 for Mac OS X and Linux, and 27.x before 27.11.8 for Mac OS X and Linux allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted WebEx Recording Format (WRF) file, a different vulnerability than CVE-2009-2876 and CVE-2009-2878."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22660&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/advisory/FGA-2009-48.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/advisory/FGA-2009-48.html"
},
{
"name": "37810",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37810"
},
{
"name": "61129",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/61129"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=23040&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html",
"refsource": "MISC",
"url": "http://www.fortiguard.com/encyclopedia/vulnerability/cisco.webex.player.atas32.heap.overflow.html"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22799&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=19499"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22663&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22661&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name": "1023360",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023360"
},
{
"name": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=22662&signatureSubId=0&softwareVersion=6.0&releaseVersion=S456"
},
{
"name": "ADV-2009-3574",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3574"
},
{
"name": "37352",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37352"
},
{
"name": "cisco-webex-wrf-bo(54841)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54841"
},
{
"name": "20091216 Multiple Cisco WebEx WRF Player Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b0a577.shtml"
}
]
}
}

430
2009/2xxx/CVE-2009-2901.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2901",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-2901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20100124 [SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/509151/100/0/threaded"
},
{
"name" : "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name" : "http://svn.apache.org/viewvc?rev=892815&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=892815&view=rev"
},
{
"name" : "http://svn.apache.org/viewvc?rev=902650&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=902650&view=rev"
},
{
"name" : "http://tomcat.apache.org/security-5.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-5.html"
},
{
"name" : "http://tomcat.apache.org/security-6.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-6.html"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "HPSBST02955",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name" : "HPSBMA02535",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name" : "HPSBOV02762",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name" : "SSRT100029",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name" : "SSRT100825",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name" : "MDVSA-2010:176",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name" : "MDVSA-2010:177",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
},
{
"name" : "SUSE-SR:2010:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"name" : "openSUSE-SU-2012:1700",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"name" : "openSUSE-SU-2012:1701",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
},
{
"name" : "openSUSE-SU-2013:0147",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name" : "USN-899-1",
"refsource" : "UBUNTU",
"url" : "http://ubuntu.com/usn/usn-899-1"
},
{
"name" : "37942",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37942"
},
{
"name" : "1023503",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023503"
},
{
"name" : "38316",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38316"
},
{
"name" : "38346",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38346"
},
{
"name" : "38541",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38541"
},
{
"name" : "39317",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39317"
},
{
"name" : "43310",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/43310"
},
{
"name" : "57126",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/57126"
},
{
"name" : "ADV-2010-0213",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0213"
},
{
"name" : "tomcat-autodeploy-security-bypass(55856)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55856"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requirements via HTTP requests."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37942",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37942"
},
{
"name": "20100124 [SECURITY] CVE-2009-2901 Apache Tomcat insecure partial deploy after failed undeploy",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/509151/100/0/threaded"
},
{
"name": "HPSBMA02535",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name": "http://svn.apache.org/viewvc?rev=892815&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=892815&view=rev"
},
{
"name": "39317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39317"
},
{
"name": "openSUSE-SU-2012:1700",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00089.html"
},
{
"name": "MDVSA-2010:177",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:177"
},
{
"name": "43310",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/43310"
},
{
"name": "1023503",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023503"
},
{
"name": "SSRT100029",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "HPSBOV02762",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name": "38541",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38541"
},
{
"name": "MDVSA-2010:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "57126",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/57126"
},
{
"name": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"
},
{
"name": "USN-899-1",
"refsource": "UBUNTU",
"url": "http://ubuntu.com/usn/usn-899-1"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "SUSE-SR:2010:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"
},
{
"name": "openSUSE-SU-2013:0147",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00037.html"
},
{
"name": "38346",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38346"
},
{
"name": "tomcat-autodeploy-security-bypass(55856)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55856"
},
{
"name": "SSRT100825",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html"
},
{
"name": "38316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38316"
},
{
"name": "20110211 VMSA-2011-0003 Third party component updates for VMware vCenter Server, vCenter Update Manager, ESXi and ESX",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/516397/100/0/threaded"
},
{
"name": "ADV-2010-0213",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0213"
},
{
"name": "HPSBST02955",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=139344343412337&w=2"
},
{
"name": "http://svn.apache.org/viewvc?rev=902650&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=902650&view=rev"
},
{
"name": "openSUSE-SU-2012:1701",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-12/msg00090.html"
}
]
}
}

130
2009/2xxx/CVE-2009-2915.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2915",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2915",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0908-exploits/discuz60-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0908-exploits/discuz60-sql.txt"
},
{
"name" : "36294",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36294"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36294",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36294"
},
{
"name": "http://packetstormsecurity.org/0908-exploits/discuz60-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0908-exploits/discuz60-sql.txt"
}
]
}
}

130
2009/3xxx/CVE-2009-3098.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3098",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a \"Remote exploit,\" as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3098",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://intevydis.com/vd-list.shtml",
"refsource" : "MISC",
"url" : "http://intevydis.com/vd-list.shtml"
},
{
"name" : "36535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36535"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 on Windows Server 2003 SP2 allows remote attackers to have an unknown impact, related to a \"Remote exploit,\" as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36535"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
}
]
}
}

260
2009/3xxx/CVE-2009-3266.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as \"scripted content.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506517/100/0/threaded"
},
{
"name" : "20091028 Hijacking Opera's Native Page using malicious RSS payloads",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html"
},
{
"name" : "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/",
"refsource" : "MISC",
"url" : "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/"
},
{
"name" : "http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/",
"refsource" : "MISC",
"url" : "http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/"
},
{
"name" : "http://www.opera.com/docs/changelogs/mac/1001/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/mac/1001/"
},
{
"name" : "http://www.opera.com/docs/changelogs/unix/1001/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/unix/1001/"
},
{
"name" : "http://www.opera.com/docs/changelogs/windows/1001/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/docs/changelogs/windows/1001/"
},
{
"name" : "http://www.opera.com/support/kb/view/939/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/support/kb/view/939/"
},
{
"name" : "36418",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36418"
},
{
"name" : "36850",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36850"
},
{
"name" : "59358",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/59358"
},
{
"name" : "oval:org.mitre.oval:def:6314",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6314"
},
{
"name" : "37182",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37182"
},
{
"name" : "ADV-2009-3073",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3073"
},
{
"name" : "opera-feed-security-bypass(54021)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) Atom feed, which allows remote attackers to conduct cross-site scripting (XSS) attacks, and conduct cross-zone scripting attacks involving the Feed Subscription Page to read feeds or create feed subscriptions, via a crafted feed, related to the rendering of the application/rss+xml content type as \"scripted content.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.opera.com/support/kb/view/939/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/support/kb/view/939/"
},
{
"name": "ADV-2009-3073",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3073"
},
{
"name": "20090916 Exploiting Chrome and Opera's inbuilt ATOM/RSS reader with Script Execution and more",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506517/100/0/threaded"
},
{
"name": "20091028 Hijacking Opera's Native Page using malicious RSS payloads",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-10/0289.html"
},
{
"name": "http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/",
"refsource": "MISC",
"url": "http://securethoughts.com/2009/10/hijacking-operas-native-page-using-malicious-rss-payloads/"
},
{
"name": "59358",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59358"
},
{
"name": "http://www.opera.com/docs/changelogs/unix/1001/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/unix/1001/"
},
{
"name": "37182",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37182"
},
{
"name": "36850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36850"
},
{
"name": "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/",
"refsource": "MISC",
"url": "http://securethoughts.com/2009/09/exploiting-chrome-and-operas-inbuilt-atomrss-reader-with-script-execution-and-more/"
},
{
"name": "36418",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36418"
},
{
"name": "opera-feed-security-bypass(54021)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54021"
},
{
"name": "oval:org.mitre.oval:def:6314",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6314"
},
{
"name": "http://www.opera.com/docs/changelogs/mac/1001/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/mac/1001/"
},
{
"name": "http://www.opera.com/docs/changelogs/windows/1001/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/docs/changelogs/windows/1001/"
}
]
}
}

150
2009/3xxx/CVE-2009-3752.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3752",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3752",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9122",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9122"
},
{
"name" : "35641",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35641"
},
{
"name" : "35677",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35677"
},
{
"name" : "opial-home-sql-injection(51678)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51678"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in home.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the genres_parent parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35677",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35677"
},
{
"name": "opial-home-sql-injection(51678)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51678"
},
{
"name": "35641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35641"
},
{
"name": "9122",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9122"
}
]
}
}

230
2015/0xxx/CVE-2015-0272.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0272",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9",
"refsource" : "CONFIRM",
"url" : "http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192132",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1192132"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "SUSE-SU-2016:2074",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
},
{
"name" : "SUSE-SU-2016:0354",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
},
{
"name" : "SUSE-SU-2015:2108",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
},
{
"name" : "SUSE-SU-2015:2194",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
},
{
"name" : "SUSE-SU-2015:2292",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html"
},
{
"name" : "SUSE-SU-2015:2339",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
},
{
"name" : "SUSE-SU-2015:2350",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
},
{
"name" : "USN-2792-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2792-1"
},
{
"name" : "76814",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76814"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2015:2292",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html"
},
{
"name": "USN-2792-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2792-1"
},
{
"name": "SUSE-SU-2015:2350",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html"
},
{
"name": "SUSE-SU-2015:2194",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html"
},
{
"name": "SUSE-SU-2016:0354",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html"
},
{
"name": "SUSE-SU-2015:2339",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html"
},
{
"name": "SUSE-SU-2015:2108",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "76814",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76814"
},
{
"name": "http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9",
"refsource": "CONFIRM",
"url": "http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1192132",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1192132"
},
{
"name": "SUSE-SU-2016:2074",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.html"
}
]
}
}

150
2015/0xxx/CVE-2015-0642.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0642",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0642",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37816",
"refsource" : "CONFIRM",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37816"
},
{
"name" : "20150325 Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2"
},
{
"name" : "73333",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73333"
},
{
"name" : "1031978",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031978"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE 2.5.x, 2.6.x, 3.1.xS through 3.12.xS before 3.12.3S, 3.2.xE through 3.7.xE before 3.7.1E, 3.3.xSG, 3.4.xSG, and 3.13.xS before 3.13.2S allow remote attackers to cause a denial of service (device reload) by sending malformed IKEv2 packets over (1) IPv4 or (2) IPv6, aka Bug ID CSCum36951."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37816",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37816"
},
{
"name": "1031978",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031978"
},
{
"name": "73333",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73333"
},
{
"name": "20150325 Cisco IOS Software and IOS XE Software Internet Key Exchange Version 2 Denial of Service Vulnerabilities",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150325-ikev2"
}
]
}
}

130
2015/0xxx/CVE-2015-0703.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0703",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0703",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150420 Cisco Unified MeetingPlace Administrative Web Interface Reflected Cross-Site Scripting Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=38459"
},
{
"name" : "1032164",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032164"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the administrative web interface in Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus95857."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032164",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032164"
},
{
"name": "20150420 Cisco Unified MeetingPlace Administrative Web Interface Reflected Cross-Site Scripting Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=38459"
}
]
}
}

150
2015/3xxx/CVE-2015-3718.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-3718",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a \"type confusion\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-3718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT204942",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT204942"
},
{
"name" : "APPLE-SA-2015-06-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name" : "75493",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75493"
},
{
"name" : "1032760",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "systemstatsd in the System Stats subsystem in Apple OS X before 10.10.4 does not properly interpret data types encountered in interprocess communication, which allows attackers to execute arbitrary code with systemstatsd privileges via a crafted app, related to a \"type confusion\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-06-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html"
},
{
"name": "75493",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75493"
},
{
"name": "1032760",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032760"
},
{
"name": "http://support.apple.com/kb/HT204942",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT204942"
}
]
}
}

140
2015/4xxx/CVE-2015-4179.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4179",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4179",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150604 CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/06/03/3"
},
{
"name" : "[oss-security] 20150604 Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/06/04/11"
},
{
"name" : "[oss-security] 20150613 Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/06/13/3"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Codestyling Localization plugin 1.99.30 and earlier for Wordpress."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150613 Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/13/3"
},
{
"name": "[oss-security] 20150604 CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/03/3"
},
{
"name": "[oss-security] 20150604 Re: CVE requests / Advisory: Codestyling Localization (Wordpress plugin) - multiple RCE via CSRF, multiple XSS",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/04/11"
}
]
}
}

150
2015/4xxx/CVE-2015-4393.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the \"Save file information\" permission to execute arbitrary code via a crafted filename."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name" : "https://www.drupal.org/node/2471879",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2471879"
},
{
"name" : "https://www.drupal.org/node/2471847",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2471847"
},
{
"name" : "74365",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/74365"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The resource/endpoint for uploading files in the Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote authenticated users with the \"Save file information\" permission to execute arbitrary code via a crafted filename."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.drupal.org/node/2471879",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2471879"
},
{
"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name": "74365",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/74365"
},
{
"name": "https://www.drupal.org/node/2471847",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2471847"
}
]
}
}

34
2015/4xxx/CVE-2015-4566.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4566",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4566",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2015/4xxx/CVE-2015-4579.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4579",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4579",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2015/4xxx/CVE-2015-4603.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-4603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150616 Re: CVE Request: various issues in PHP",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/06/16/12"
},
{
"name" : "http://php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://php.net/ChangeLog-5.php"
},
{
"name" : "https://bugs.php.net/bug.php?id=69152",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=69152"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "RHSA-2015:1187",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
},
{
"name" : "RHSA-2015:1135",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
},
{
"name" : "RHSA-2015:1186",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
},
{
"name" : "RHSA-2015:1218",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
},
{
"name" : "75252",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75252"
},
{
"name" : "1032709",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032709"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The exception::getTraceAsString function in Zend/zend_exceptions.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote attackers to execute arbitrary code via an unexpected data type, related to a \"type confusion\" issue."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1187",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1187.html"
},
{
"name": "1032709",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032709"
},
{
"name": "RHSA-2015:1186",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1186.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "http://php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://php.net/ChangeLog-5.php"
},
{
"name": "https://bugs.php.net/bug.php?id=69152",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=69152"
},
{
"name": "[oss-security] 20150616 Re: CVE Request: various issues in PHP",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/06/16/12"
},
{
"name": "RHSA-2015:1135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
},
{
"name": "75252",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75252"
},
{
"name": "RHSA-2015:1218",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
}
]
}
}

250
2015/8xxx/CVE-2015-8213.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4",
"refsource" : "CONFIRM",
"url" : "https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4"
},
{
"name" : "https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/",
"refsource" : "CONFIRM",
"url" : "https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/"
},
{
"name" : "DSA-3404",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3404"
},
{
"name" : "FEDORA-2015-323274d412",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html"
},
{
"name" : "FEDORA-2015-a8c8f60fbd",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html"
},
{
"name" : "RHSA-2016:0129",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0129.html"
},
{
"name" : "RHSA-2016:0156",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0156.html"
},
{
"name" : "RHSA-2016:0157",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0157.html"
},
{
"name" : "RHSA-2016:0158",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0158.html"
},
{
"name" : "openSUSE-SU-2015:2199",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html"
},
{
"name" : "openSUSE-SU-2015:2202",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html"
},
{
"name" : "USN-2816-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2816-1"
},
{
"name" : "77750",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77750"
},
{
"name" : "1034237",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034237"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The get_format function in utils/formats.py in Django before 1.7.x before 1.7.11, 1.8.x before 1.8.7, and 1.9.x before 1.9rc2 might allow remote attackers to obtain sensitive application secrets via a settings key in place of a date/time format setting, as demonstrated by SECRET_KEY."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4",
"refsource": "CONFIRM",
"url": "https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4"
},
{
"name": "openSUSE-SU-2015:2199",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00014.html"
},
{
"name": "USN-2816-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2816-1"
},
{
"name": "RHSA-2016:0129",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0129.html"
},
{
"name": "https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/"
},
{
"name": "FEDORA-2015-323274d412",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/174770.html"
},
{
"name": "1034237",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034237"
},
{
"name": "RHSA-2016:0158",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0158.html"
},
{
"name": "RHSA-2016:0157",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0157.html"
},
{
"name": "DSA-3404",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3404"
},
{
"name": "RHSA-2016:0156",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0156.html"
},
{
"name": "77750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77750"
},
{
"name": "FEDORA-2015-a8c8f60fbd",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-December/173375.html"
},
{
"name": "openSUSE-SU-2015:2202",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-12/msg00017.html"
}
]
}
}

140
2015/8xxx/CVE-2015-8488.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8488",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-8488",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://cs.cybozu.co.jp/2015/006075.html",
"refsource" : "CONFIRM",
"url" : "https://cs.cybozu.co.jp/2015/006075.html"
},
{
"name" : "JVN#28042424",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN28042424/index.html"
},
{
"name" : "JVNDB-2016-000021",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000021"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cybozu Office 10.3.0 allows remote attackers to read image files via a crafted e-mail message, a different vulnerability than CVE-2015-8487."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://cs.cybozu.co.jp/2015/006075.html",
"refsource": "CONFIRM",
"url": "https://cs.cybozu.co.jp/2015/006075.html"
},
{
"name": "JVN#28042424",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN28042424/index.html"
},
{
"name": "JVNDB-2016-000021",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000021"
}
]
}
}

34
2015/8xxx/CVE-2015-8525.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8525",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-8525",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

240
2015/8xxx/CVE-2015-8644.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-8644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "39476",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/39476/"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb16-01.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb16-01.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "GLSA-201601-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201601-03"
},
{
"name" : "RHSA-2015:2697",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2697.html"
},
{
"name" : "SUSE-SU-2015:2401",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html"
},
{
"name" : "SUSE-SU-2015:2402",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html"
},
{
"name" : "openSUSE-SU-2015:2400",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html"
},
{
"name" : "openSUSE-SU-2015:2403",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html"
},
{
"name" : "79704",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79704"
},
{
"name" : "1034544",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034544"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code by leveraging an unspecified \"type confusion.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2015:2403",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00048.html"
},
{
"name": "1034544",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034544"
},
{
"name": "39476",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/39476/"
},
{
"name": "RHSA-2015:2697",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2697.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb16-01.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb16-01.html"
},
{
"name": "SUSE-SU-2015:2401",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00046.html"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name": "SUSE-SU-2015:2402",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00047.html"
},
{
"name": "openSUSE-SU-2015:2400",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00045.html"
},
{
"name": "79704",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79704"
},
{
"name": "GLSA-201601-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201601-03"
},
{
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
}
]
}
}

160
2015/8xxx/CVE-2015-8791.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8791",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8791",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes",
"refsource" : "MLIST",
"url" : "http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html"
},
{
"name" : "https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog",
"refsource" : "CONFIRM",
"url" : "https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog"
},
{
"name" : "https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90",
"refsource" : "CONFIRM",
"url" : "https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90"
},
{
"name" : "DSA-3538",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3538"
},
{
"name" : "openSUSE-SU-2016:0125",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3538",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3538"
},
{
"name": "https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90",
"refsource": "CONFIRM",
"url": "https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90"
},
{
"name": "openSUSE-SU-2016:0125",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-01/msg00035.html"
},
{
"name": "[matroska-users] 20151020 libEBML v1.3.3, libMatroska v1.4.4 released: important fixes",
"refsource": "MLIST",
"url": "http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html"
},
{
"name": "https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog",
"refsource": "CONFIRM",
"url": "https://github.com/Matroska-Org/libebml/blob/release-1.3.3/ChangeLog"
}
]
}
}

140
2016/5xxx/CVE-2016-5196.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@google.com",
"ID" : "CVE-2016-5196",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Google Chrome prior to 54.0.2840.85 for Android",
"version" : {
"version_data" : [
{
"version_value" : "Google Chrome prior to 54.0.2840.85 for Android"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "insufficient policy enforcement"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2016-5196",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Google Chrome prior to 54.0.2840.85 for Android",
"version": {
"version_data": [
{
"version_value": "Google Chrome prior to 54.0.2840.85 for Android"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html"
},
{
"name" : "https://crbug.com/659492",
"refsource" : "CONFIRM",
"url" : "https://crbug.com/659492"
},
{
"name" : "94078",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/94078"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "insufficient policy enforcement"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2016/10/chrome-for-android-update_31.html"
},
{
"name": "https://crbug.com/659492",
"refsource": "CONFIRM",
"url": "https://crbug.com/659492"
},
{
"name": "94078",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94078"
}
]
}
}

210
2016/5xxx/CVE-2016-5276.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@mozilla.org",
"ID": "CVE-2016-5276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1287721",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1287721"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-86/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-86/"
},
{
"name" : "https://www.mozilla.org/security/advisories/mfsa2016-88/",
"refsource" : "CONFIRM",
"url" : "https://www.mozilla.org/security/advisories/mfsa2016-88/"
},
{
"name" : "DSA-3674",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3674"
},
{
"name" : "GLSA-201701-15",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201701-15"
},
{
"name" : "RHSA-2016:1912",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1912.html"
},
{
"name" : "93049",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/93049"
},
{
"name" : "1036852",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1036852"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an aria-owns attribute."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html"
},
{
"name": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2016/mfsa2016-85.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-86/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-86/"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1287721",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1287721"
},
{
"name": "DSA-3674",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3674"
},
{
"name": "GLSA-201701-15",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201701-15"
},
{
"name": "RHSA-2016:1912",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1912.html"
},
{
"name": "https://www.mozilla.org/security/advisories/mfsa2016-88/",
"refsource": "CONFIRM",
"url": "https://www.mozilla.org/security/advisories/mfsa2016-88/"
},
{
"name": "93049",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/93049"
},
{
"name": "1036852",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1036852"
}
]
}
}

34
2016/5xxx/CVE-2016-5375.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2016-5375",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-5375",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/2xxx/CVE-2018-2197.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2197",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2197",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

142
2018/2xxx/CVE-2018-2720.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2720",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Financial Services Liquidity Risk Management",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.0.x"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Liquidity Risk Management accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Financial Services Liquidity Risk Management",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.0.x"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "102655",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102655"
},
{
"name" : "1040214",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040214"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Financial Services Liquidity Risk Management component of Oracle Financial Services Applications (subcomponent: User Interface). The supported version that is affected is 8.0.x. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Liquidity Risk Management accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Liquidity Risk Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Liquidity Risk Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Liquidity Risk Management accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1040214",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040214"
},
{
"name": "102655",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102655"
}
]
}
}

142
2018/2xxx/CVE-2018-2808.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2808",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Solaris Operating System",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "11.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Solaris Operating System",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "11.3"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "103881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103881"
},
{
"name" : "1040702",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040702"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris. CVSS 3.0 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Solaris."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040702",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040702"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name": "103881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103881"
}
]
}
}

182
2018/6xxx/CVE-2018-6092.json
View File

@ -1,93 +1,93 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "chrome-cve-admin@google.com",
"ID" : "CVE-2018-6092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Chrome",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "66.0.3359.117"
}
]
}
}
]
},
"vendor_name" : "Google"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Integer overflow"
}
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2018-6092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Chrome",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "66.0.3359.117"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44860",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44860/"
},
{
"name" : "https://crbug.com/819869",
"refsource" : "MISC",
"url" : "https://crbug.com/819869"
},
{
"name" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
"refsource" : "CONFIRM",
"url" : "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
},
{
"name" : "DSA-4182",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4182"
},
{
"name" : "GLSA-201804-22",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201804-22"
},
{
"name" : "RHSA-2018:1195",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1195"
},
{
"name" : "103917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103917"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An integer overflow on 32-bit systems in WebAssembly in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html",
"refsource": "CONFIRM",
"url": "https://chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html"
},
{
"name": "GLSA-201804-22",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201804-22"
},
{
"name": "44860",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44860/"
},
{
"name": "https://crbug.com/819869",
"refsource": "MISC",
"url": "https://crbug.com/819869"
},
{
"name": "DSA-4182",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4182"
},
{
"name": "103917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103917"
},
{
"name": "RHSA-2018:1195",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1195"
}
]
}
}

34
2018/6xxx/CVE-2018-6154.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6154",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6154",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/6xxx/CVE-2018-6321.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6321",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180309 Panda Global Security 17.0.1 - Unquoted service path",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/25"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unquoted Windows search path vulnerability in the panda_url_filtering service in Panda Global Protection 17.0.1 allows local users to gain privileges via a malicious artefact."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180309 Panda Global Security 17.0.1 - Unquoted service path",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/25"
}
]
}
}

120
2018/6xxx/CVE-2018-6414.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "hsrc@hikvision.com",
"ID" : "CVE-2018-6414",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "DS-2DE4xxxW,DS-2DE5xxxW,DS-2DE7xxxW",
"version" : {
"version_data" : [
{
"version_value" : "V5.5.6 build180408 and previous versions"
}
]
}
}
]
},
"vendor_name" : "hikvision"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Buffer Overflow"
}
"CVE_data_meta": {
"ASSIGNER": "hsrc@hikvision.com",
"ID": "CVE-2018-6414",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "DS-2DE4xxxW,DS-2DE5xxxW,DS-2DE7xxxW",
"version": {
"version_data": [
{
"version_value": "V5.5.6 build180408 and previous versions"
}
]
}
}
]
},
"vendor_name": "hikvision"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.hikvision.com/en/Support/Cybersecurity-Center/Security-Advisory/431181228784397",
"refsource" : "CONFIRM",
"url" : "http://www.hikvision.com/en/Support/Cybersecurity-Center/Security-Advisory/431181228784397"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A buffer overflow vulnerability in the web server of some Hikvision IP Cameras allows an attacker to send a specially crafted message to affected devices. Due to the insufficient input validation, successful exploit can corrupt memory and lead to arbitrary code execution or crash the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.hikvision.com/en/Support/Cybersecurity-Center/Security-Advisory/431181228784397",
"refsource": "CONFIRM",
"url": "http://www.hikvision.com/en/Support/Cybersecurity-Center/Security-Advisory/431181228784397"
}
]
}
}

120
2018/7xxx/CVE-2018-7102.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security-alert@hpe.com",
"ID" : "CVE-2018-7102",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HPE Intelligent Management Center (iMC) PLAT",
"version" : {
"version_data" : [
{
"version_value" : "E0506P09"
}
]
}
}
]
},
"vendor_name" : "Hewlett Packard Enterprise"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Arbitrary File Modification"
}
"CVE_data_meta": {
"ASSIGNER": "security-alert@hpe.com",
"ID": "CVE-2018-7102",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HPE Intelligent Management Center (iMC) PLAT",
"version": {
"version_data": [
{
"version_value": "E0506P09"
}
]
}
}
]
},
"vendor_name": "Hewlett Packard Enterprise"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03887en_us",
"refsource" : "CONFIRM",
"url" : "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03887en_us"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security vulnerability in HPE Intelligent Management Center (iMC) PLAT E0506P09, createFabricAutoCfgFile could be remotely exploited via directory traversal to allow remote arbitrary file modification."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Arbitrary File Modification"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03887en_us",
"refsource": "CONFIRM",
"url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03887en_us"
}
]
}
}

120
2018/7xxx/CVE-2018-7277.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7277",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7277",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://misteralfa-hack.blogspot.com/2018/02/bacnet-entrando-en-materia.html",
"refsource" : "MISC",
"url" : "http://misteralfa-hack.blogspot.com/2018/02/bacnet-entrando-en-materia.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent XSS exists in the web server. Remote attackers can inject malicious JavaScript code using the device's BACnet implementation. This is similar to a Cross Protocol Injection with SNMP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://misteralfa-hack.blogspot.com/2018/02/bacnet-entrando-en-materia.html",
"refsource": "MISC",
"url": "http://misteralfa-hack.blogspot.com/2018/02/bacnet-entrando-en-materia.html"
}
]
}
}

34
2019/1xxx/CVE-2019-1107.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1107",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1107",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1154.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1154",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1154",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1300.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1300",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1300",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/1xxx/CVE-2019-1430.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-1430",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-1430",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5293.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5293",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5293",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5585.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5585",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5585",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2019/5xxx/CVE-2019-5918.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2019-5918",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Nablarch 5",
"version" : {
"version_data" : [
{
"version_value" : "Nablarch 5, and 5u1 to 5u13"
}
]
}
}
]
},
"vendor_name" : "TIS Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "XML external entities (XXE)"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2019-5918",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Nablarch 5",
"version": {
"version_data": [
{
"version_value": "Nablarch 5, and 5u1 to 5u13"
}
]
}
}
]
},
"vendor_name": "TIS Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295",
"refsource" : "MISC",
"url" : "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295"
},
{
"name" : "JVN#56542712",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN56542712/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Nablarch 5 (5, and 5u1 to 5u13) allows remote attackers to conduct XML External Entity (XXE) attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XML external entities (XXE)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295",
"refsource": "MISC",
"url": "https://nablarch.atlassian.net/projects/NAB/issues/NAB-295"
},
{
"name": "JVN#56542712",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN56542712/index.html"
}
]
}
}