admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:20:34 +00:00
parent 351dd27c3a
commit 7731836699
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 4001 additions and 4001 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

140
2002/2xxx/CVE-2002-2095.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2002-2095", "ID": "CVE-2002-2095",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20020118 Vulnerability in hellbent", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-01/0228.html" "lang": "eng",
}, "value": "Joe Testa hellbent 01 webserver allows attackers to read files that are specified in the hellbent.prefs file by creating a file with a similar name in the web root, as demonstrated using (1) index.webroot and (2) index.ipallow."
{ }
"name" : "3909", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/3909" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "hellbent-prefs-obtain-info(7931)", "description": [
"refsource" : "XF", {
"url" : "http://www.iss.net/security_center/static/7931.php" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "hellbent-prefs-obtain-info(7931)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7931.php"
},
{
"name": "3909",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3909"
},
{
"name": "20020118 Vulnerability in hellbent",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-01/0228.html"
}
]
}
}

200
2005/0xxx/CVE-2005-0131.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0131", "ID": "CVE-2005-0131",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050119 Multiple vulnerabilities in Konversation", "description_data": [
"refsource" : "FULLDISC", {
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html" "lang": "eng",
}, "value": "The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users."
{ }
"name" : "20050119 Multiple vulnerabilities in Konversation", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=110626383310742&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.kde.org/info/security/advisory-20050121-1.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.kde.org/info/security/advisory-20050121-1.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200501-34", ]
"refsource" : "GENTOO", }
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml" ]
}, },
{ "references": {
"name" : "12312", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12312" "name": "13919",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/13919"
"name" : "1012972", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1012972" "name": "20050119 Multiple vulnerabilities in Konversation",
}, "refsource": "FULLDISC",
{ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html"
"name" : "13919", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13919" "name": "http://www.kde.org/info/security/advisory-20050121-1.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.kde.org/info/security/advisory-20050121-1.txt"
"name" : "13989", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/13989" "name": "12312",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12312"
"name" : "konversation-nick-password-information-disclosure(19038)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19038" "name": "13989",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/13989"
} },
} {
"name": "konversation-nick-password-information-disclosure(19038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19038"
},
{
"name": "GLSA-200501-34",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml"
},
{
"name": "20050119 Multiple vulnerabilities in Konversation",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110626383310742&w=2"
},
{
"name": "1012972",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012972"
}
]
}
}

150
2005/0xxx/CVE-2005-0139.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0139", "ID": "CVE-2005-0139",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050601-01-U", "description_data": [
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U" "lang": "eng",
}, "value": "Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not sufficiently restrict access rights for read-mostly exports, which allows attackers to conduct unauthorized activities."
{ }
"name" : "P-214", ]
"refsource" : "CIAC", },
"url" : "http://www.ciac.org/ciac/bulletins/p-214.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-0702", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/0702" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15619", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/15619" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20050601-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U"
},
{
"name": "ADV-2005-0702",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0702"
},
{
"name": "15619",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15619"
},
{
"name": "P-214",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-214.shtml"
}
]
}
}

170
2005/0xxx/CVE-2005-0323.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0323", "ID": "CVE-2005-0323",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050129 XSS in Infinite Mobile Delivery v2.6 Webmail", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110703630922262&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL."
{ }
"name" : "http://www.lovebug.org/imd_advisory.txt", ]
"refsource" : "MISC", },
"url" : "http://www.lovebug.org/imd_advisory.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "12399", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12399" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1013044", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1013044" ]
}, },
{ "references": {
"name" : "14075", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14075" "name": "12399",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12399"
"name" : "infinite-mobile-delivery-xss(19151)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19151" "name": "14075",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/14075"
} },
} {
"name": "infinite-mobile-delivery-xss(19151)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19151"
},
{
"name": "http://www.lovebug.org/imd_advisory.txt",
"refsource": "MISC",
"url": "http://www.lovebug.org/imd_advisory.txt"
},
{
"name": "20050129 XSS in Infinite Mobile Delivery v2.6 Webmail",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110703630922262&w=2"
},
{
"name": "1013044",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013044"
}
]
}
}

170
2005/0xxx/CVE-2005-0385.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@debian.org",
"ID" : "CVE-2005-0385", "ID": "CVE-2005-0385",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in luxman before 0.41, if used with certain insecure svgalib libraries, allows local users to execute arbitrary code via a long -f command line argument."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050314 DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow'", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/393195/2005-03-13/2005-03-19/0" "lang": "eng",
}, "value": "Buffer overflow in luxman before 0.41, if used with certain insecure svgalib libraries, allows local users to execute arbitrary code via a long -f command line argument."
{ }
"name" : "http://www.digitalmunition.com/DMA[2005-0310a].txt", ]
"refsource" : "MISC", },
"url" : "http://www.digitalmunition.com/DMA[2005-0310a].txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "DSA-693", "description": [
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2005/dsa-693" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "12797", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/12797" ]
}, },
{ "references": {
"name" : "14582", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14582" "name": "DSA-693",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2005/dsa-693"
"name" : "luxman-bo-execute-commands(19680)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19680" "name": "20050314 DMA[2005-0310a] - 'Frank McIngvale LuxMan buffer overflow'",
} "refsource": "BUGTRAQ",
] "url": "http://www.securityfocus.com/archive/1/393195/2005-03-13/2005-03-19/0"
} },
} {
"name": "luxman-bo-execute-commands(19680)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19680"
},
{
"name": "http://www.digitalmunition.com/DMA[2005-0310a].txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA[2005-0310a].txt"
},
{
"name": "12797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12797"
},
{
"name": "14582",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14582"
}
]
}
}

160
2005/0xxx/CVE-2005-0414.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0414", "ID": "CVE-2005-0414",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050124 Multiple vulnerabilities in MercuryBoard 1.1.1", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110661795632354&w=2" "lang": "eng",
}, "value": "SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter."
{ }
"name" : "20050209 Mercuryboard =?iso-8859-1?Q?<=3D?= 1.1.1 Working Sql Injection", ]
"refsource" : "BUGTRAQ", },
"url" : "http://marc.info/?l=bugtraq&m=110797495532358&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://cvs.sunsite.dk/viewcvs.cgi/mercury/func/post.php.diff?r1=1.68&r2=1.70", "description": [
"refsource" : "CONFIRM", {
"url" : "http://cvs.sunsite.dk/viewcvs.cgi/mercury/func/post.php.diff?r1=1.68&r2=1.70" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1013137", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1013137" ]
}, },
{ "references": {
"name" : "mercuryboard-index-sql-injection(19051)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19051" "name": "20050124 Multiple vulnerabilities in MercuryBoard 1.1.1",
} "refsource": "BUGTRAQ",
] "url": "http://marc.info/?l=bugtraq&m=110661795632354&w=2"
} },
} {
"name": "http://cvs.sunsite.dk/viewcvs.cgi/mercury/func/post.php.diff?r1=1.68&r2=1.70",
"refsource": "CONFIRM",
"url": "http://cvs.sunsite.dk/viewcvs.cgi/mercury/func/post.php.diff?r1=1.68&r2=1.70"
},
{
"name": "1013137",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013137"
},
{
"name": "20050209 Mercuryboard =?iso-8859-1?Q?<=3D?= 1.1.1 Working Sql Injection",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110797495532358&w=2"
},
{
"name": "mercuryboard-index-sql-injection(19051)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19051"
}
]
}
}

140
2005/1xxx/CVE-2005-1450.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1450", "ID": "CVE-2005-1450",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in \"the function used to validate path-names for uploading media\" in Serendipity before 0.8 has unknown impact."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.s9y.org/63.html#A9", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.s9y.org/63.html#A9" "lang": "eng",
}, "value": "Unknown vulnerability in \"the function used to validate path-names for uploading media\" in Serendipity before 0.8 has unknown impact."
{ }
"name" : "15877", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/15877" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15145", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15145" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "15145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15145"
},
{
"name": "http://www.s9y.org/63.html#A9",
"refsource": "CONFIRM",
"url": "http://www.s9y.org/63.html#A9"
},
{
"name": "15877",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15877"
}
]
}
}

490
2005/1xxx/CVE-2005-1704.json
View File

@ -1,247 +1,247 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-1704", "ID": "CVE-2005-1704",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/464745/100/0/threaded" "lang": "eng",
}, "value": "Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer overflow."
{ }
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=91398", ]
"refsource" : "CONFIRM", },
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=91398" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf", "description": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm", ]
"refsource" : "CONFIRM", }
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm" ]
}, },
{ "references": {
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm" "name": "13697",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/13697"
"name" : "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html" "name": "17072",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17072"
"name" : "CLA-2006:1060", },
"refsource" : "CONECTIVA", {
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060" "name": "21122",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21122"
"name" : "GLSA-200505-15", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200505-15.xml" "name": "2005-0025",
}, "refsource": "TRUSTIX",
{ "url": "http://www.trustix.org/errata/2005/0025/"
"name" : "GLSA-200506-01", },
"refsource" : "GENTOO", {
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-178.htm"
"name" : "MDKSA-2005:095", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095" "name": "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2005-222.pdf"
"name" : "MDKSA-2005:215", },
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:215" "name": "RHSA-2006:0368",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0368.html"
"name" : "RHSA-2005:659", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-659.html" "name": "20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/464745/100/0/threaded"
"name" : "RHSA-2005:763", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-763.html" "name": "18506",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18506"
"name" : "RHSA-2005:801", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-801.html" "name": "CLA-2006:1060",
}, "refsource": "CONECTIVA",
{ "url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001060"
"name" : "RHSA-2005:673", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-673.html" "name": "RHSA-2005:709",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-709.html"
"name" : "RHSA-2005:709", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-709.html" "name": "ADV-2007-1267",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2007/1267"
"name" : "RHSA-2006:0368", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0368.html" "name": "21262",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/21262"
"name" : "RHSA-2006:0354", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2006-0354.html" "name": "RHSA-2005:673",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-673.html"
"name" : "20060703-01-P", },
"refsource" : "SGI", {
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc" "name": "MDKSA-2005:215",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:215"
"name" : "2005-0025", },
"refsource" : "TRUSTIX", {
"url" : "http://www.trustix.org/errata/2005/0025/" "name": "17001",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17001"
"name" : "USN-136-1", },
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/136-1/" "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm",
}, "refsource": "CONFIRM",
{ "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-015.htm"
"name" : "13697", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/13697" "name": "RHSA-2006:0354",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2006-0354.html"
"name" : "oval:org.mitre.oval:def:9071", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071" "name": "RHSA-2005:801",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-801.html"
"name" : "ADV-2007-1267", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2007/1267" "name": "RHSA-2005:763",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-763.html"
"name" : "16757", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/16757" "name": "24788",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/24788"
"name" : "1016544", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1016544" "name": "USN-136-1",
}, "refsource": "UBUNTU",
{ "url": "https://usn.ubuntu.com/136-1/"
"name" : "15527", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15527" "name": "GLSA-200505-15",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200505-15.xml"
"name" : "17718", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17718" "name": "GLSA-200506-01",
}, "refsource": "GENTOO",
{ "url": "http://www.gentoo.org/security/en/glsa/glsa-200506-01.xml"
"name" : "17072", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17072" "name": "oval:org.mitre.oval:def:9071",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9071"
"name" : "17135", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17135" "name": "MDKSA-2005:095",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:095"
"name" : "17257", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17257" "name": "15527",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15527"
"name" : "17356", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17356" "name": "17257",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17257"
"name" : "17001", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17001" "name": "17135",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17135"
"name" : "18506", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18506" "name": "17356",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17356"
"name" : "21122", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21122" "name": "1016544",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1016544"
"name" : "21262", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21262" "name": "17718",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17718"
"name" : "21717", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/21717" "name": "http://bugs.gentoo.org/show_bug.cgi?id=91398",
}, "refsource": "CONFIRM",
{ "url": "http://bugs.gentoo.org/show_bug.cgi?id=91398"
"name" : "24788", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/24788" "name": "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html",
} "refsource": "CONFIRM",
] "url": "http://www.vmware.com/support/vi3/doc/esx-55052-patch.html"
} },
} {
"name": "16757",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16757"
},
{
"name": "21717",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21717"
},
{
"name": "RHSA-2005:659",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-659.html"
},
{
"name": "20060703-01-P",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060703-01-U.asc"
}
]
}
}

160
2005/4xxx/CVE-2005-4015.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4015", "ID": "CVE-2005-4015",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051128 Php Web Statistik Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html" "lang": "eng",
}, "value": "PHP Web Statistik 1.4 does not rotate the log database or limit the size of the referer field, which allows remote attackers to fill the log files via a large number of requests, as demonstrated using pixel.php."
{ }
"name" : "http://www.ush.it/2005/11/19/php-web-statistik/", ]
"refsource" : "MISC", },
"url" : "http://www.ush.it/2005/11/19/php-web-statistik/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://freewebstat.com/changelog-english.html", "description": [
"refsource" : "MISC", {
"url" : "http://freewebstat.com/changelog-english.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "214", ]
"refsource" : "SREASON", }
"url" : "http://securityreason.com/securityalert/214" ]
}, },
{ "references": {
"name" : "phpwebstatistik-disk-quota-dos(23386)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23386" "name": "http://freewebstat.com/changelog-english.html",
} "refsource": "MISC",
] "url": "http://freewebstat.com/changelog-english.html"
} },
} {
"name": "20051128 Php Web Statistik Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html"
},
{
"name": "http://www.ush.it/2005/11/19/php-web-statistik/",
"refsource": "MISC",
"url": "http://www.ush.it/2005/11/19/php-web-statistik/"
},
{
"name": "phpwebstatistik-disk-quota-dos(23386)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23386"
},
{
"name": "214",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/214"
}
]
}
}

190
2005/4xxx/CVE-2005-4085.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4085", "ID": "CVE-2005-4085",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20060105 Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability", "description_data": [
"refsource" : "IDEFENSE", {
"url" : "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364" "lang": "eng",
}, "value": "Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header."
{ }
"name" : "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html", ]
"refsource" : "CONFIRM", },
"url" : "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "16147", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/16147" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2006-0065", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2006/0065" ]
}, },
{ "references": {
"name" : "ADV-2006-0622", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/0622" "name": "18909",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18909"
"name" : "1015441", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015441" "name": "1015441",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015441"
"name" : "18288", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18288" "name": "ADV-2006-0622",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/0622"
"name" : "18909", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18909" "name": "ADV-2006-0065",
} "refsource": "VUPEN",
] "url": "http://www.vupen.com/english/advisories/2006/0065"
} },
} {
"name": "18288",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18288"
},
{
"name": "20060105 Blue Coat Systems WinProxy Host Header Stack Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/intelligence/vulnerabilities/display.php?id=364"
},
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_host_header_stack_overflow.html"
},
{
"name": "16147",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16147"
}
]
}
}

140
2005/4xxx/CVE-2005-4615.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4615", "ID": "CVE-2005-4615",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/11/dapperdesk-30x-page-sql-inj.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/11/dapperdesk-30x-page-sql-inj.html" "lang": "eng",
}, "value": "SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter."
{ }
"name" : "21315", ]
"refsource" : "OSVDB", },
"url" : "http://www.osvdb.org/21315" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "dapperdesk-news-sql-injection(24354)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24354" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "21315",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21315"
},
{
"name": "http://pridels0.blogspot.com/2005/11/dapperdesk-30x-page-sql-inj.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/dapperdesk-30x-page-sql-inj.html"
},
{
"name": "dapperdesk-news-sql-injection(24354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24354"
}
]
}
}

180
2009/0xxx/CVE-2009-0063.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0063", "ID": "CVE-2009-0063",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."
{ }
"name" : "34641", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34641" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "53944", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/53944" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1022116", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1022116" ]
}, },
{ "references": {
"name" : "34885", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34885" "name": "ADV-2009-1155",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/1155"
"name" : "ADV-2009-1155", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1155" "name": "34885",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34885"
"name" : "brightmail-controlcenter-xss(50074)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50074" "name": "brightmail-controlcenter-xss(50074)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50074"
} },
} {
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090423_01"
},
{
"name": "1022116",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022116"
},
{
"name": "34641",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34641"
},
{
"name": "53944",
"refsource": "OSVDB",
"url": "http://osvdb.org/53944"
}
]
}
}

180
2009/0xxx/CVE-2009-0497.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0497", "ID": "CVE-2009-0497",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the log parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090108 CORE-2008-1128: Openfire multiple vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/499880/100/0/threaded" "lang": "eng",
}, "value": "Directory traversal vulnerability in log.jsp in Ignite Realtime Openfire 3.6.2 allows remote attackers to read arbitrary files via a ..\\ (dot dot backslash) in the log parameter."
{ }
"name" : "http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp", ]
"refsource" : "MISC", },
"url" : "http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities", "description": [
"refsource" : "MISC", {
"url" : "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=257585", ]
"refsource" : "MISC", }
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=257585" ]
}, },
{ "references": {
"name" : "32945", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/32945" "name": "https://bugs.gentoo.org/show_bug.cgi?id=257585",
}, "refsource": "MISC",
{ "url": "https://bugs.gentoo.org/show_bug.cgi?id=257585"
"name" : "33452", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/33452" "name": "http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp",
}, "refsource": "MISC",
{ "url": "http://svn.igniterealtime.org/svn/repos/openfire/trunk/src/web/log.jsp"
"name" : "openfire-log-directory-traversal(47806)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47806" "name": "33452",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/33452"
} },
} {
"name": "32945",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32945"
},
{
"name": "20090108 CORE-2008-1128: Openfire multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/499880/100/0/threaded"
},
{
"name": "openfire-log-directory-traversal(47806)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47806"
},
{
"name": "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities",
"refsource": "MISC",
"url": "http://www.coresecurity.com/content/openfire-multiple-vulnerabilities"
}
]
}
}

170
2009/0xxx/CVE-2009-0691.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2009-0691", "ID": "CVE-2009-0691",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.foxitsoftware.com/pdf/reader/security.htm#0602", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.foxitsoftware.com/pdf/reader/security.htm#0602" "lang": "eng",
}, "value": "The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit Reader 3.0 before Build 1817 does not properly handle a fatal error during decoding of a JPEG2000 (aka JPX) header, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted PDF file that triggers an invalid memory access."
{ }
"name" : "VU#251793", ]
"refsource" : "CERT-VN", },
"url" : "http://www.kb.cert.org/vuls/id/251793" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35443", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35443" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1022425", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1022425" ]
}, },
{ "references": {
"name" : "35512", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35512" "name": "http://www.foxitsoftware.com/pdf/reader/security.htm#0602",
}, "refsource": "CONFIRM",
{ "url": "http://www.foxitsoftware.com/pdf/reader/security.htm#0602"
"name" : "ADV-2009-1640", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/1640" "name": "1022425",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1022425"
} },
} {
"name": "VU#251793",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/251793"
},
{
"name": "35443",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35443"
},
{
"name": "35512",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35512"
},
{
"name": "ADV-2009-1640",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1640"
}
]
}
}

220
2009/0xxx/CVE-2009-0876.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0876", "ID": "CVE-2009-0876",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20090316 CVE-2009-0876 (VirtualBox) references", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2009/03/15/1" "lang": "eng",
}, "value": "Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN."
{ }
"name" : "[oss-security] 20090317 Re: CVE-2009-0876 (VirtualBox) references", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/03/17/2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "254568", "description": [
"refsource" : "SUNALERT", {
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.virtualbox.org/ticket/3444", ]
"refsource" : "CONFIRM", }
"url" : "http://www.virtualbox.org/ticket/3444" ]
}, },
{ "references": {
"name" : "https://bugs.gentoo.org/show_bug.cgi?id=260331", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugs.gentoo.org/show_bug.cgi?id=260331" "name": "34080",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34080"
"name" : "34080", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34080" "name": "xvmvirtualbox-unspecified-priv-escalation(49193)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49193"
"name" : "52580", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/52580" "name": "ADV-2009-0674",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0674"
"name" : "1021841", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021841" "name": "[oss-security] 20090316 CVE-2009-0876 (VirtualBox) references",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/03/15/1"
"name" : "34232", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34232" "name": "https://bugs.gentoo.org/show_bug.cgi?id=260331",
}, "refsource": "CONFIRM",
{ "url": "https://bugs.gentoo.org/show_bug.cgi?id=260331"
"name" : "ADV-2009-0674", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0674" "name": "[oss-security] 20090317 Re: CVE-2009-0876 (VirtualBox) references",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/03/17/2"
"name" : "xvmvirtualbox-unspecified-priv-escalation(49193)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49193" "name": "http://www.virtualbox.org/ticket/3444",
} "refsource": "CONFIRM",
] "url": "http://www.virtualbox.org/ticket/3444"
} },
} {
"name": "1021841",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021841"
},
{
"name": "34232",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34232"
},
{
"name": "52580",
"refsource": "OSVDB",
"url": "http://osvdb.org/52580"
},
{
"name": "254568",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-254568-1"
}
]
}
}

200
2009/0xxx/CVE-2009-0981.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2009-0981", "ID": "CVE-2009-0981",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090416 Unprivileged DB users can see APEX password hashes", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/502724/100/0/threaded" "lang": "eng",
}, "value": "Unspecified vulnerability in the Application Express component in Oracle Database 11.1.0.7 allows remote authenticated users to affect confidentiality, related to APEX. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue allows remote authenticated users to obtain APEX password hashes from the WWV_FLOW_USERS table via a SELECT statement."
{ }
"name" : "8456", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/8456" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.red-database-security.com/advisory/apex_password_hashes.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.red-database-security.com/advisory/apex_password_hashes.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html" ]
}, },
{ "references": {
"name" : "TA09-105A", "reference_data": [
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-105A.html" "name": "34461",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/34461"
"name" : "34461", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34461" "name": "34693",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34693"
"name" : "53738", },
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/53738" "name": "TA09-105A",
}, "refsource": "CERT",
{ "url": "http://www.us-cert.gov/cas/techalerts/TA09-105A.html"
"name" : "1022052", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022052" "name": "20090416 Unprivileged DB users can see APEX password hashes",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/502724/100/0/threaded"
"name" : "34693", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34693" "name": "http://www.red-database-security.com/advisory/apex_password_hashes.html",
} "refsource": "MISC",
] "url": "http://www.red-database-security.com/advisory/apex_password_hashes.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuapr2009-099563.html"
},
{
"name": "53738",
"refsource": "OSVDB",
"url": "http://osvdb.org/53738"
},
{
"name": "1022052",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022052"
},
{
"name": "8456",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8456"
}
]
}
}

140
2009/1xxx/CVE-2009-1277.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1277", "ID": "CVE-2009-1277",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8350", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8350" "lang": "eng",
}, "value": "SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2."
{ }
"name" : "34370", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34370" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "gravityboardx-index-sql-injection(49678)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49678" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "34370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34370"
},
{
"name": "8350",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8350"
},
{
"name": "gravityboardx-index-sql-injection(49678)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49678"
}
]
}
}

140
2009/1xxx/CVE-2009-1752.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-1752", "ID": "CVE-2009-1752",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8744", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/8744" "lang": "eng",
}, "value": "exJune Office Message System 1 does not properly restrict access to (1) configure.asp and (2) addmessage2.asp, which allows remote attackers to gain privileges a direct request. NOTE: some of these details are obtained from third party information."
{ }
"name" : "35172", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/35172" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oms-configure-addmessage2-security-bypass(50647)", "description": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50647" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "oms-configure-addmessage2-security-bypass(50647)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50647"
},
{
"name": "8744",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8744"
},
{
"name": "35172",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35172"
}
]
}
}

190
2009/3xxx/CVE-2009-3845.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2009-3845", "ID": "CVE-2009-3845",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091209 ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/508345/100/0/threaded" "lang": "eng",
}, "value": "The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts."
{ }
"name" : "http://zerodayinitiative.com/advisories/ZDI-09-094/", ]
"refsource" : "MISC", },
"url" : "http://zerodayinitiative.com/advisories/ZDI-09-094/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "HPSBMA02483", "description": [
"refsource" : "HP", {
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "SSRT090037", ]
"refsource" : "HP", }
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877" ]
}, },
{ "references": {
"name" : "SSRT090257", "reference_data": [
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=126046355120442&w=2" "name": "http://zerodayinitiative.com/advisories/ZDI-09-094/",
}, "refsource": "MISC",
{ "url": "http://zerodayinitiative.com/advisories/ZDI-09-094/"
"name" : "37261", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37261" "name": "20091209 ZDI-09-094: Hewlett-Packard OpenView NNM Multiple Command Injection Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/508345/100/0/threaded"
"name" : "37300", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/37300" "name": "37261",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/37261"
"name" : "hp-openviewnnm-hostname-command-execution(54651)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54651" "name": "SSRT090257",
} "refsource": "HP",
] "url": "http://marc.info/?l=bugtraq&m=126046355120442&w=2"
} },
} {
"name": "SSRT090037",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
},
{
"name": "hp-openviewnnm-hostname-command-execution(54651)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54651"
},
{
"name": "37300",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37300"
},
{
"name": "HPSBMA02483",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877"
}
]
}
}

190
2009/3xxx/CVE-2009-3879.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-3879", "ID": "CVE-2009-3879",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in the (1) X11 and (2) Win32GraphicsDevice subsystems in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and attack vectors, related to failure to clone arrays that are returned by the getConfigurations function, aka Bug Id 6822057."
{ }
"name" : "http://java.sun.com/javase/6/webnotes/6u17.html", ]
"refsource" : "CONFIRM", },
"url" : "http://java.sun.com/javase/6/webnotes/6u17.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=530297", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=530297" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-200911-02", ]
"refsource" : "GENTOO", }
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml" ]
}, },
{ "references": {
"name" : "MDVSA-2010:084", "reference_data": [
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" "name": "oval:org.mitre.oval:def:7545",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545"
"name" : "oval:org.mitre.oval:def:7545", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7545" "name": "GLSA-200911-02",
}, "refsource": "GENTOO",
{ "url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
"name" : "oval:org.mitre.oval:def:9568", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=530297",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=530297"
"name" : "37386", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37386" "name": "oval:org.mitre.oval:def:9568",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9568"
} },
} {
"name": "http://java.sun.com/javase/6/webnotes/6u17.html",
"refsource": "CONFIRM",
"url": "http://java.sun.com/javase/6/webnotes/6u17.html"
},
{
"name": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html",
"refsource": "CONFIRM",
"url": "http://java.sun.com/j2se/1.5.0/ReleaseNotes.html"
},
{
"name": "MDVSA-2010:084",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
}
]
}
}

230
2009/4xxx/CVE-2009-4028.json
View File

@ -1,117 +1,117 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2009-4028", "ID": "CVE-2009-4028",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320", "description_data": [
"refsource" : "MLIST", {
"url" : "http://lists.mysql.com/commits/87446" "lang": "eng",
}, "value": "The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library."
{ }
"name" : "[oss-security] 20091119 mysql-5.1.41", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2009/11/19/3" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20091121 CVE Request - MySQL - 5.0.88", "description": [
"refsource" : "MLIST", {
"url" : "http://marc.info/?l=oss-security&m=125881733826437&w=2" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "[oss-security] 20091123 Re: mysql-5.1.41", ]
"refsource" : "MLIST", }
"url" : "http://www.openwall.com/lists/oss-security/2009/11/23/16" ]
}, },
{ "references": {
"name" : "http://bugs.mysql.com/47320", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://bugs.mysql.com/47320" "name": "oval:org.mitre.oval:def:8510",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510"
"name" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html", },
"refsource" : "CONFIRM", {
"url" : "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html" "name": "RHSA-2010:0109",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2010-0109.html"
"name" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html", },
"refsource" : "CONFIRM", {
"url" : "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html" "name": "ADV-2010-1107",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2010/1107"
"name" : "RHSA-2010:0109", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0109.html" "name": "SUSE-SR:2010:011",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
"name" : "SUSE-SR:2010:011", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" "name": "[oss-security] 20091119 mysql-5.1.41",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2009/11/19/3"
"name" : "oval:org.mitre.oval:def:10940", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940" "name": "[commits] 20091020 bzr commit into mysql-4.1 branch (joro:2709) Bug#47320",
}, "refsource": "MLIST",
{ "url": "http://lists.mysql.com/commits/87446"
"name" : "oval:org.mitre.oval:def:8510", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8510" "name": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html",
}, "refsource": "CONFIRM",
{ "url": "http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html"
"name" : "ADV-2010-1107", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2010/1107" "name": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html",
} "refsource": "CONFIRM",
] "url": "http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html"
} },
} {
"name": "[oss-security] 20091121 CVE Request - MySQL - 5.0.88",
"refsource": "MLIST",
"url": "http://marc.info/?l=oss-security&m=125881733826437&w=2"
},
{
"name": "oval:org.mitre.oval:def:10940",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10940"
},
{
"name": "http://bugs.mysql.com/47320",
"refsource": "CONFIRM",
"url": "http://bugs.mysql.com/47320"
},
{
"name": "[oss-security] 20091123 Re: mysql-5.1.41",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/11/23/16"
}
]
}
}

160
2009/4xxx/CVE-2009-4357.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4357", "ID": "CVE-2009-4357",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "PK86377", "description_data": [
"refsource" : "AIXAPAR", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377" "lang": "eng",
}, "value": "CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 does not properly handle use of legacy URLs for automatic login, which might allow attackers to discover the passwords for user accounts via unspecified vectors."
{ }
"name" : "37385", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/37385" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1023370", "description": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1023370" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "37811", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/37811" ]
}, },
{ "references": {
"name" : "ADV-2009-3580", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/3580" "name": "1023370",
} "refsource": "SECTRACK",
] "url": "http://securitytracker.com/id?1023370"
} },
} {
"name": "37385",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37385"
},
{
"name": "37811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37811"
},
{
"name": "PK86377",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK86377"
},
{
"name": "ADV-2009-3580",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3580"
}
]
}
}

150
2009/4xxx/CVE-2009-4501.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4501", "ID": "CVE-2009-4501",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20091213 Zabbix Server : Multiple remote vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/508436/30/60/threaded" "lang": "eng",
}, "value": "The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword."
{ }
"name" : "https://support.zabbix.com/browse/ZBX-1355", ]
"refsource" : "CONFIRM", },
"url" : "https://support.zabbix.com/browse/ZBX-1355" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37740", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37740" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ADV-2009-3514", ]
"refsource" : "VUPEN", }
"url" : "http://www.vupen.com/english/advisories/2009/3514" ]
} },
] "references": {
} "reference_data": [
} {
"name": "20091213 Zabbix Server : Multiple remote vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508436/30/60/threaded"
},
{
"name": "https://support.zabbix.com/browse/ZBX-1355",
"refsource": "CONFIRM",
"url": "https://support.zabbix.com/browse/ZBX-1355"
},
{
"name": "37740",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37740"
},
{
"name": "ADV-2009-3514",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3514"
}
]
}
}

140
2009/4xxx/CVE-2009-4832.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4832", "ID": "CVE-2009-4832",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8983", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/8983" "lang": "eng",
}, "value": "The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device."
{ }
"name" : "1022427", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id?1022427" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35501", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/35501" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "8983",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8983"
},
{
"name": "35501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35501"
},
{
"name": "1022427",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022427"
}
]
}
}

150
2009/4xxx/CVE-2009-4933.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4933", "ID": "CVE-2009-4933",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8487", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/8487" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in login.php in EZ Webitor allow remote attackers to execute arbitrary SQL commands via the (1) txtUserId (Username) and (2) txtPassword (Password) parameters. NOTE: some of these details are obtained from third party information."
{ }
"name" : "34604", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/34604" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "34819", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34819" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ezwebitor-login-sql-injection(49966)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49966" ]
} },
] "references": {
} "reference_data": [
} {
"name": "34819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34819"
},
{
"name": "8487",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8487"
},
{
"name": "34604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34604"
},
{
"name": "ezwebitor-login-sql-injection(49966)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49966"
}
]
}
}

160
2012/2xxx/CVE-2012-2569.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-2569", "ID": "CVE-2012-2569",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20367", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/20367" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in Synametrics Technologies Xeams 4.4 Build 5720 allows remote attackers to inject arbitrary web script or HTML via the body of an email."
{ }
"name" : "54902", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/54902" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "84591", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/84591" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "50190", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/50190" ]
}, },
{ "references": {
"name" : "xeamsemailserver-sendmail-xss(77504)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77504" "name": "84591",
} "refsource": "OSVDB",
] "url": "http://osvdb.org/84591"
} },
} {
"name": "xeamsemailserver-sendmail-xss(77504)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77504"
},
{
"name": "50190",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50190"
},
{
"name": "20367",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20367"
},
{
"name": "54902",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54902"
}
]
}
}

160
2012/2xxx/CVE-2012-2993.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cert@cert.org",
"ID" : "CVE-2012-2993", "ID": "CVE-2012-2993",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "VU#389795", "description_data": [
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/389795" "lang": "eng",
}, "value": "Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) POP3, (2) IMAP, or (3) SMTP protocol via an arbitrary valid certificate."
{ }
"name" : "55569", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/55569" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "85619", "description": [
"refsource" : "OSVDB", {
"url" : "http://osvdb.org/85619" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1027541", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1027541" ]
}, },
{ "references": {
"name" : "microsoft-winphone7-domainname-spoofing(78620)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78620" "name": "microsoft-winphone7-domainname-spoofing(78620)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78620"
} },
} {
"name": "55569",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55569"
},
{
"name": "VU#389795",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/389795"
},
{
"name": "85619",
"refsource": "OSVDB",
"url": "http://osvdb.org/85619"
},
{
"name": "1027541",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027541"
}
]
}
}

140
2012/3xxx/CVE-2012-3253.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "hp-security-alert@hp.com",
"ID" : "CVE-2012-3253", "ID": "CVE-2012-3253",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://zerodayinitiative.com/advisories/ZDI-12-164/", "description_data": [
"refsource" : "MISC", {
"url" : "http://zerodayinitiative.com/advisories/ZDI-12-164/" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in HP Intelligent Management Center (IMC) before 5.0 E0101P05 allow remote attackers to execute arbitrary code via crafted input, as demonstrated by an integer overflow and heap-based buffer overflow in img.exe for a crafted message packet."
{ }
"name" : "HPSB3C02808", ]
"refsource" : "HP", },
"url" : "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "SSRT100361", "description": [
"refsource" : "HP", {
"url" : "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "HPSB3C02808",
"refsource": "HP",
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459"
},
{
"name": "http://zerodayinitiative.com/advisories/ZDI-12-164/",
"refsource": "MISC",
"url": "http://zerodayinitiative.com/advisories/ZDI-12-164/"
},
{
"name": "SSRT100361",
"refsource": "HP",
"url": "http://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay/?docId=emr_na-c03473459"
}
]
}
}

34
2012/6xxx/CVE-2012-6255.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-6255", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-6255",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

34
2012/6xxx/CVE-2012-6295.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6295", "ID": "CVE-2012-6295",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

190
2012/6xxx/CVE-2012-6619.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2012-6619", "ID": "CVE-2012-6619",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "description_data": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/01/07/2" "lang": "eng",
}, "value": "The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read."
{ }
"name" : "[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", ]
"refsource" : "MLIST", },
"url" : "http://www.openwall.com/lists/oss-security/2014/01/07/13" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)", "description": [
"refsource" : "MLIST", {
"url" : "http://www.openwall.com/lists/oss-security/2014/01/08/9" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html", ]
"refsource" : "MISC", }
"url" : "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html" ]
}, },
{ "references": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1049748", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1049748" "name": "[oss-security] 20140107 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/01/07/13"
"name" : "https://jira.mongodb.org/browse/SERVER-7769", },
"refsource" : "CONFIRM", {
"url" : "https://jira.mongodb.org/browse/SERVER-7769" "name": "[oss-security] 20140107 MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)",
}, "refsource": "MLIST",
{ "url": "http://www.openwall.com/lists/oss-security/2014/01/07/2"
"name" : "RHSA-2014:0230", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0230.html" "name": "RHSA-2014:0230",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2014-0230.html"
"name" : "RHSA-2014:0440", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2014-0440.html" "name": "https://jira.mongodb.org/browse/SERVER-7769",
} "refsource": "CONFIRM",
] "url": "https://jira.mongodb.org/browse/SERVER-7769"
} },
} {
"name": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html",
"refsource": "MISC",
"url": "http://blog.ptsecurity.com/2012/11/attacking-mongodb.html"
},
{
"name": "RHSA-2014:0440",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2014-0440.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1049748"
},
{
"name": "[oss-security] 20140108 Re: MongoDB memory over-read via incorrect BSON object length (was: [HITB-Announce] HITB Magazine Issue 10 Out Now)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2014/01/08/9"
}
]
}
}

140
2015/1xxx/CVE-2015-1125.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-1125", "ID": "CVE-2015-1125",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT204661", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT204661" "lang": "eng",
}, "value": "The touch-events implementation in WebKit in Apple iOS before 8.3 allows remote attackers to trigger an association between a tap and an unintended web resource via a crafted web site."
{ }
"name" : "APPLE-SA-2015-04-08-3", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1032050", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032050" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2015-04-08-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Apr/msg00002.html"
},
{
"name": "1032050",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032050"
},
{
"name": "https://support.apple.com/HT204661",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT204661"
}
]
}
}

160
2015/1xxx/CVE-2015-1428.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1428", "ID": "CVE-2015-1428",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150202 Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534593/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow (1) remote attackers to execute arbitrary SQL commands via the sefrengo cookie in a login to backend/main.php or (2) remote authenticated users to execute arbitrary SQL commands via the value_id parameter in a save_value action to backend/main.php."
{ }
"name" : "35972", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/35972" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html", "description": [
"refsource" : "MISC", {
"url" : "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb", ]
"refsource" : "MISC", }
"url" : "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb" ]
}, },
{ "references": {
"name" : "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07", "reference_data": [
"refsource" : "MISC", {
"url" : "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07" "name": "35972",
} "refsource": "EXPLOIT-DB",
] "url": "http://www.exploit-db.com/exploits/35972"
} },
} {
"name": "20150202 Sefrengo CMS v1.6.1 - Multiple SQL Injection Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534593/100/0/threaded"
},
{
"name": "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html",
"refsource": "MISC",
"url": "http://www.itas.vn/news/itas-team-found-out-multiple-sql-injection-vulnerabilities-in-sefrengo-cms-v1-6-1-74.html"
},
{
"name": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb",
"refsource": "MISC",
"url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/0b1edd4b22a47743eff7cfaf884ba2a4e06e15eb"
},
{
"name": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07",
"refsource": "MISC",
"url": "https://github.com/sefrengo-cms/sefrengo-1.x/commit/22c0d16bfd715631ed317cc990785ccede478f07"
}
]
}
}

600
2015/1xxx/CVE-2015-1791.json
View File

@ -1,302 +1,302 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-1791", "ID": "CVE-2015-1791",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc" "lang": "eng",
}, "value": "Race condition in the ssl3_get_new_session_ticket function in ssl/s3_clnt.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b, when used for a multi-threaded client, allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact by providing a NewSessionTicket during an attempt to reuse a ticket that had been obtained earlier."
{ }
"name" : "https://www.openssl.org/news/secadv_20150611.txt", ]
"refsource" : "CONFIRM", },
"url" : "https://www.openssl.org/news/secadv_20150611.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/kb/HT205031", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/kb/HT205031" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694", ]
"refsource" : "CONFIRM", }
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" "name": "SUSE-SU-2015:1184",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html"
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" "name": "SSRT102180",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667" "name": "DSA-3287",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2015/dsa-3287"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044" "name": "SUSE-SU-2015:1150",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html" "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122",
}, "refsource": "CONFIRM",
{ "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10122"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" "name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
}, "refsource": "CONFIRM",
{ "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05157667"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380" "name": "HPSBMU03409",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965"
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" "name": "https://openssl.org/news/secadv/20150611.txt",
}, "refsource": "CONFIRM",
{ "url": "https://openssl.org/news/secadv/20150611.txt"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html" "name": "75161",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/75161"
"name" : "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015", },
"refsource" : "CONFIRM", {
"url" : "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015" "name": "RHSA-2015:1115",
}, "refsource": "REDHAT",
{ "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733", },
"refsource" : "CONFIRM", {
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
"name" : "https://openssl.org/news/secadv/20150611.txt", },
"refsource" : "CONFIRM", {
"url" : "https://openssl.org/news/secadv/20150611.txt" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
"name" : "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015", },
"refsource" : "CONFIRM", {
"url" : "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015" "name": "1032479",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1032479"
"name" : "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015", },
"refsource" : "CONFIRM", {
"url" : "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015" "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
"name" : "https://bto.bluecoat.com/security-advisory/sa98", },
"refsource" : "CONFIRM", {
"url" : "https://bto.bluecoat.com/security-advisory/sa98" "name": "SUSE-SU-2015:1182",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html"
"name" : "http://www-304.ibm.com/support/docview.wss?uid=swg21960041", },
"refsource" : "CONFIRM", {
"url" : "http://www-304.ibm.com/support/docview.wss?uid=swg21960041" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965", },
"refsource" : "CONFIRM", {
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05353965" "name": "SUSE-SU-2015:1143",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html"
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10122", },
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10122" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "name": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc",
}, "refsource": "CONFIRM",
{ "url": "https://github.com/openssl/openssl/commit/98ece4eebfb6cd45cc8d550c6ac0022965071afc"
"name" : "https://support.citrix.com/article/CTX216642", },
"refsource" : "CONFIRM", {
"url" : "https://support.citrix.com/article/CTX216642" "name": "openSUSE-SU-2016:0640",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"
"name" : "APPLE-SA-2015-08-13-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name" : "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products", },
"refsource" : "CISCO", {
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl" "name": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041",
}, "refsource": "CONFIRM",
{ "url": "http://www-304.ibm.com/support/docview.wss?uid=swg21960041"
"name" : "DSA-3287", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2015/dsa-3287" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158380"
"name" : "FEDORA-2015-10047", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html" "name": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015",
}, "refsource": "CONFIRM",
{ "url": "http://www.fortiguard.com/advisory/2015-06-11-fortinet-vulnerability-openssl-vulnerabilities-june-2015"
"name" : "FEDORA-2015-10108", },
"refsource" : "FEDORA", {
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html" "name": "FEDORA-2015-10108",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160647.html"
"name" : "GLSA-201506-02", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201506-02" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name" : "HPSBUX03388", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=143880121627664&w=2" "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
}, "refsource": "CISCO",
{ "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
"name" : "SSRT102180", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=143880121627664&w=2" "name": "APPLE-SA-2015-08-13-2",
}, "refsource": "APPLE",
{ "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
"name" : "HPSBMU03409", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" "name": "USN-2639-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2639-1"
"name" : "NetBSD-SA2015-008", },
"refsource" : "NETBSD", {
"url" : "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc" "name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
}, "refsource": "CONFIRM",
{ "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
"name" : "RHSA-2015:1115", },
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1115.html" "name": "GLSA-201506-02",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201506-02"
"name" : "openSUSE-SU-2016:0640", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05131044"
"name" : "SUSE-SU-2015:1143", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00024.html" "name": "91787",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/91787"
"name" : "SUSE-SU-2015:1150", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00026.html" "name": "HPSBUX03388",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=143880121627664&w=2"
"name" : "SUSE-SU-2015:1182", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00004.html" "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763",
}, "refsource": "CONFIRM",
{ "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763"
"name" : "SUSE-SU-2015:1184", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00006.html" "name": "FEDORA-2015-10047",
}, "refsource": "FEDORA",
{ "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160436.html"
"name" : "openSUSE-SU-2015:1139", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html" "name": "https://support.apple.com/kb/HT205031",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/kb/HT205031"
"name" : "SUSE-SU-2015:1185", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html" "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
"name" : "USN-2639-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2639-1" "name": "https://support.citrix.com/article/CTX216642",
}, "refsource": "CONFIRM",
{ "url": "https://support.citrix.com/article/CTX216642"
"name" : "91787", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/91787" "name": "SUSE-SU-2015:1185",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
"name" : "75161", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/75161" "name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694",
}, "refsource": "CONFIRM",
{ "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694"
"name" : "1032479", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1032479" "name": "openSUSE-SU-2015:1139",
} "refsource": "SUSE",
] "url": "http://lists.opensuse.org/opensuse-security-announce/2015-06/msg00023.html"
} },
} {
"name": "https://bto.bluecoat.com/security-advisory/sa98",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa98"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10733"
},
{
"name": "NetBSD-SA2015-008",
"refsource": "NETBSD",
"url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
},
{
"name": "https://www.openssl.org/news/secadv_20150611.txt",
"refsource": "CONFIRM",
"url": "https://www.openssl.org/news/secadv_20150611.txt"
}
]
}
}

150
2015/1xxx/CVE-2015-1807.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-1807", "ID": "CVE-2015-1807",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205622", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205622" "lang": "eng",
}, "value": "Directory traversal vulnerability in Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticated users with certain permissions to read arbitrary files via a symlink, related to building artifacts."
{ }
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27", ]
"refsource" : "CONFIRM", },
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "RHSA-2015:1844", "description": [
"refsource" : "REDHAT", {
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1844.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2016:0070", ]
"refsource" : "REDHAT", }
"url" : "https://access.redhat.com/errata/RHSA-2016:0070" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205622",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205622"
},
{
"name": "RHSA-2016:0070",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27"
},
{
"name": "RHSA-2015:1844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1844.html"
}
]
}
}

120
2015/5xxx/CVE-2015-5042.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-5042", "ID": "CVE-2015-5042",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973592", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21973592" "lang": "eng",
} "value": "IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, 10.0.0.x and 10.0.1.x before 10.0.1.5 iFix5, 10.0.2.x before 10.0.2.7 iFix4, and 10.0.4.x before 10.0.4.0 iFix3 allows remote attackers to execute arbitrary code by including a crafted Flash file."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21973592"
}
]
}
}

130
2015/5xxx/CVE-2015-5098.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@adobe.com",
"ID" : "CVE-2015-5098", "ID": "CVE-2015-5098",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5105."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://helpx.adobe.com/security/products/reader/apsb15-15.html" "lang": "eng",
}, "value": "Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, Acrobat and Acrobat Reader DC Classic before 2015.006.30060, and Acrobat and Acrobat Reader DC Continuous before 2015.008.20082 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5096 and CVE-2015-5105."
{ }
"name" : "1032892", ]
"refsource" : "SECTRACK", },
"url" : "http://www.securitytracker.com/id/1032892" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032892",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032892"
},
{
"name": "https://helpx.adobe.com/security/products/reader/apsb15-15.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/reader/apsb15-15.html"
}
]
}
}

170
2015/5xxx/CVE-2015-5603.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-5603", "ID": "CVE-2015-5603",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to \"Velocity Template Injection Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150902 CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/536374/100/0/threaded" "lang": "eng",
}, "value": "The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to \"Velocity Template Injection Vulnerability.\""
{ }
"name" : "38905", ]
"refsource" : "EXPLOIT-DB", },
"url" : "https://www.exploit-db.com/exploits/38905/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "38551", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/38551/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html", ]
"refsource" : "MISC", }
"url" : "http://packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html" ]
}, },
{ "references": {
"name" : "http://www.rapid7.com/db/modules/exploit/multi/http/jira_hipchat_template", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.rapid7.com/db/modules/exploit/multi/http/jira_hipchat_template" "name": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html",
}, "refsource": "CONFIRM",
{ "url": "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html"
"name" : "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html", },
"refsource" : "CONFIRM", {
"url" : "https://confluence.atlassian.com/jira/jira-and-hipchat-for-jira-plugin-security-advisory-2015-08-26-776650785.html" "name": "38905",
} "refsource": "EXPLOIT-DB",
] "url": "https://www.exploit-db.com/exploits/38905/"
} },
} {
"name": "http://packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133401/Jira-HipChat-For-Jira-Java-Code-Execution.html"
},
{
"name": "http://www.rapid7.com/db/modules/exploit/multi/http/jira_hipchat_template",
"refsource": "MISC",
"url": "http://www.rapid7.com/db/modules/exploit/multi/http/jira_hipchat_template"
},
{
"name": "20150902 CVE-2015-5603: JIRA and the HipChat For JIRA plugin - Velocity Template Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/536374/100/0/threaded"
},
{
"name": "38551",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/38551/"
}
]
}
}

190
2015/5xxx/CVE-2015-5806.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5806", "ID": "CVE-2015-5806",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205212", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205212" "lang": "eng",
}, "value": "WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2015-09-16-1 and APPLE-SA-2015-09-16-3."
{ }
"name" : "https://support.apple.com/HT205221", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT205221" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://support.apple.com/HT205265", "description": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205265" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-09-16-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" ]
}, },
{ "references": {
"name" : "APPLE-SA-2015-09-16-3", "reference_data": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html" "name": "https://support.apple.com/HT205221",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205221"
"name" : "APPLE-SA-2015-09-30-2", },
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html" "name": "1033609",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033609"
"name" : "76763", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76763" "name": "https://support.apple.com/HT205212",
}, "refsource": "CONFIRM",
{ "url": "https://support.apple.com/HT205212"
"name" : "1033609", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033609" "name": "76763",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/76763"
} },
} {
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-16-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

120
2018/11xxx/CVE-2018-11558.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11558", "ID": "CVE-2018-11558",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "DomainMod 4.10.0 has Stored XSS in the \"/settings/profile/index.php\" new_first_name parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/domainmod/domainmod/issues/66", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/domainmod/domainmod/issues/66" "lang": "eng",
} "value": "DomainMod 4.10.0 has Stored XSS in the \"/settings/profile/index.php\" new_first_name parameter."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/domainmod/domainmod/issues/66",
"refsource": "MISC",
"url": "https://github.com/domainmod/domainmod/issues/66"
}
]
}
}

34
2018/11xxx/CVE-2018-11834.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-11834", "ID": "CVE-2018-11834",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/15xxx/CVE-2018-15244.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-15244", "ID": "CVE-2018-15244",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

152
2018/3xxx/CVE-2018-3195.json
View File

@ -1,78 +1,78 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3195", "ID": "CVE-2018-3195",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "MySQL Server", "product_name": "MySQL Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "8.0.12 and prior" "version_value": "8.0.12 and prior"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)."
{ }
"name" : "https://security.netapp.com/advisory/ntap-20181018-0002/", ]
"refsource" : "CONFIRM", },
"url" : "https://security.netapp.com/advisory/ntap-20181018-0002/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "105607", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/105607" "lang": "eng",
}, "value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data."
{ }
"name" : "1041888", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1041888" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1041888",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041888"
},
{
"name": "105607",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105607"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
}
]
}
}

142
2018/3xxx/CVE-2018-3201.json
View File

@ -1,73 +1,73 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3201", "ID": "CVE-2018-3201",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "WebLogic Server", "product_name": "WebLogic Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.1.3" "version_value": "12.2.1.3"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
{ }
"name" : "105611", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105611" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041896", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041896" "lang": "eng",
} "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "1041896",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041896"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105611"
}
]
}
}

34
2018/3xxx/CVE-2018-3317.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3317", "ID": "CVE-2018-3317",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/3xxx/CVE-2018-3491.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3491", "ID": "CVE-2018-3491",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/3xxx/CVE-2018-3764.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "support@hackerone.com", "ASSIGNER": "support@hackerone.com",
"ID" : "CVE-2018-3764", "ID": "CVE-2018-3764",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Nextcloud Contacts application", "product_name": "Nextcloud Contacts application",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "<2.1.2" "version_value": "<2.1.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nextcloud" "vendor_name": "Nextcloud"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site Scripting (XSS) - Stored (CWE-79)"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-005", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://nextcloud.com/security/advisory/?id=nc-sa-2018-005" "lang": "eng",
} "value": "In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. The missing sanitization only affected group names, hence malicious search results could only be crafted by privileged users like admins or group admins."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site Scripting (XSS) - Stored (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-005",
"refsource": "CONFIRM",
"url": "https://nextcloud.com/security/advisory/?id=nc-sa-2018-005"
}
]
}
}

122
2018/3xxx/CVE-2018-3922.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-11T00:00:00", "DATE_PUBLIC": "2018-07-11T00:00:00",
"ID" : "CVE-2018-3922", "ID": "CVE-2018-3922",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Computerinsel Photoline", "product_name": "Computerinsel Photoline",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Computerinsel Photoline 20.54 for OS X" "version_value": "Computerinsel Photoline 20.54 for OS X"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Computerinsel" "vendor_name": "Computerinsel"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "heap-based buffer overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0586", "description_data": [
"refsource" : "MISC", {
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0586" "lang": "eng",
} "value": "A memory corruption vulnerability exists in the ANI-parsing functionality of Computerinsel Photoline 20.54. A specially crafted ANI image processed via the application can lead to a stack overflow, overwriting arbitrary data. An attacker can deliver an ANI image to trigger this vulnerability and gain code execution."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "heap-based buffer overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0586",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0586"
}
]
}
}

34
2018/7xxx/CVE-2018-7425.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7425", "ID": "CVE-2018-7425",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

146
2018/8xxx/CVE-2018-8152.json
View File

@ -1,75 +1,75 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8152", "ID": "CVE-2018-8152",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Exchange Server", "product_name": "Microsoft Exchange Server",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "2016 Cumulative Update 8" "version_value": "2016 Cumulative Update 8"
}, },
{ {
"version_value" : "2016 Cumulative Update 9" "version_value": "2016 Cumulative Update 9"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8152", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8152" "lang": "eng",
}, "value": "An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly handle web requests, aka \"Microsoft Exchange Server Elevation of Privilege Vulnerability.\" This affects Microsoft Exchange Server."
{ }
"name" : "104043", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104043" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1040850", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1040850" "lang": "eng",
} "value": "Elevation of Privilege"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8152",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8152"
},
{
"name": "104043",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104043"
},
{
"name": "1040850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040850"
}
]
}
}

34
2018/8xxx/CVE-2018-8180.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8180", "ID": "CVE-2018-8180",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/8xxx/CVE-2018-8364.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8364", "ID": "CVE-2018-8364",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/8xxx/CVE-2018-8656.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8656", "ID": "CVE-2018-8656",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }