admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 02:22:16 +00:00
parent e008aa96f0
commit 782838fd35
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 4932 additions and 4932 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

130
2002/0xxx/CVE-2002-0077.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0077",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the \"Local Executable Invocation via Object tag\" vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020113 Internet Explorer Pop-Up OBJECT Tag Bug",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101103188711920&w=2"
},
{
"name" : "MS02-015",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked on an HTML page with the codebase property as part of Local Computer zone, which allows remote attackers to invoke executables present on the local system through objects such as the popup object, aka the \"Local Executable Invocation via Object tag\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MS02-015",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015"
},
{
"name": "20020113 Internet Explorer Pop-Up OBJECT Tag Bug",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101103188711920&w=2"
}
]
}
}

140
2002/0xxx/CVE-2002-0255.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020208 arescom 800 authentification flaw",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=101323620111951&w=2"
},
{
"name" : "netdsl-telnet-bypass-authentication(8125)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8125.php"
},
{
"name" : "4066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4066"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netdsl-telnet-bypass-authentication(8125)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8125.php"
},
{
"name": "4066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4066"
},
{
"name": "20020208 arescom 800 authentification flaw",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=101323620111951&w=2"
}
]
}
}

150
2002/0xxx/CVE-2002-0781.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html"
},
{
"name" : "20020508 cqure.net.20020412.bordermanager_36_mv1.a",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/271475"
},
{
"name" : "4698",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4698"
},
{
"name" : "novell-bordermanager-rtsp-dos(9033)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9033.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020508 cqure.net.20020412.bordermanager_36_mv1.a",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/271475"
},
{
"name": "20020508 [VulnWatch] cqure.net.20020412.bordermanager_36_mv1.a",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0060.html"
},
{
"name": "4698",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4698"
},
{
"name": "novell-bordermanager-rtsp-dos(9033)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9033.php"
}
]
}
}

140
2002/0xxx/CVE-2002-0928.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0928",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the Pirch 98 IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hyperlink in a channel or private message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0928",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020621 Pirch 98 Link Handling Buffer Overflow",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0256.html"
},
{
"name" : "5079",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5079"
},
{
"name" : "pirch-irc-link-bo(9409)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9409.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the Pirch 98 IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hyperlink in a channel or private message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020621 Pirch 98 Link Handling Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0256.html"
},
{
"name": "pirch-irc-link-bo(9409)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9409.php"
},
{
"name": "5079",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5079"
}
]
}
}

150
2002/2xxx/CVE-2002-2116.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2116",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020215 Remote DoS in Netgear RM-356",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-02/0162.html"
},
{
"name" : "20020215 Re: Remote DoS in Netgear RM-356",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-02/0183.html"
},
{
"name" : "4111",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4111"
},
{
"name" : "netgear-udp-portscan-dos(8206)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/8206.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020215 Re: Remote DoS in Netgear RM-356",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-02/0183.html"
},
{
"name": "4111",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4111"
},
{
"name": "netgear-udp-portscan-dos(8206)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/8206.php"
},
{
"name": "20020215 Remote DoS in Netgear RM-356",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-02/0162.html"
}
]
}
}

140
2002/2xxx/CVE-2002-2266.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2266",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeeting traffic, allows remote attackers to cause a denial of service (firewall session table consumption) by establishing multiple half-open H.323 sessions, which are not cleaned up on garbage removal and do not time out for 36 hours."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2266",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20021125 Potential H.323 Denial of Service",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103827647621729&w=2"
},
{
"name" : "6250",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/6250"
},
{
"name" : "netscreen-h323-dos(10700)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/10700"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeeting traffic, allows remote attackers to cause a denial of service (firewall session table consumption) by establishing multiple half-open H.323 sessions, which are not cleaned up on garbage removal and do not time out for 36 hours."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "netscreen-h323-dos(10700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10700"
},
{
"name": "6250",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6250"
},
{
"name": "20021125 Potential H.323 Denial of Service",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103827647621729&w=2"
}
]
}
}

34
2005/0xxx/CVE-2005-0153.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0153",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0153",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2005/0xxx/CVE-2005-0393.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2005-0393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "DSA-733",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-733"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-733",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-733"
}
]
}
}

120
2005/0xxx/CVE-2005-0522.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0522",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0522",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "1013270",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013270"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013270",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013270"
}
]
}
}

140
2005/0xxx/CVE-2005-0819.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0819",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0819",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971038.htm",
"refsource" : "CONFIRM",
"url" : "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971038.htm"
},
{
"name" : "12831",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12831"
},
{
"name" : "1013460",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013460"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013460",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013460"
},
{
"name": "12831",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12831"
},
{
"name": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971038.htm",
"refsource": "CONFIRM",
"url": "http://support.novell.com/cgi-bin/search/searchtid.cgi?/2971038.htm"
}
]
}
}

150
2005/1xxx/CVE-2005-1426.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1426",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8610",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8610"
},
{
"name" : "15996",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15996"
},
{
"name" : "1013830",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013830"
},
{
"name" : "uapplication-information-disclosure(20314)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20314"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15996",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15996"
},
{
"name": "uapplication-information-disclosure(20314)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20314"
},
{
"name": "1013830",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013830"
},
{
"name": "8610",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8610"
}
]
}
}

130
2005/1xxx/CVE-2005-1517.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050511 FWSM URL Filtering Solution TCP ACL Bypass Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20050511-url.shtml"
},
{
"name" : "ADV-2005-0527",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0527"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050511 FWSM URL Filtering Solution TCP ACL Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20050511-url.shtml"
},
{
"name": "ADV-2005-0527",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0527"
}
]
}
}

130
2005/1xxx/CVE-2005-1572.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1572",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1572",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "16333",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16333"
},
{
"name" : "15300",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15300"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15300",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15300"
},
{
"name": "16333",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16333"
}
]
}
}

160
2005/1xxx/CVE-2005-1896.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1896",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1896",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt",
"refsource" : "MISC",
"url" : "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt"
},
{
"name" : "http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256",
"refsource" : "CONFIRM",
"url" : "http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256"
},
{
"name" : "ADV-2005-0697",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0697"
},
{
"name" : "15603",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15603"
},
{
"name" : "1014114",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014114"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014114",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014114"
},
{
"name": "15603",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15603"
},
{
"name": "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt",
"refsource": "MISC",
"url": "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt"
},
{
"name": "ADV-2005-0697",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0697"
},
{
"name": "http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256",
"refsource": "CONFIRM",
"url": "http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256"
}
]
}
}

160
2005/4xxx/CVE-2005-4333.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4333",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/binary-board-system-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/binary-board-system-xss-vuln.html"
},
{
"name" : "15913",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15913"
},
{
"name" : "21893",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21893"
},
{
"name" : "21894",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21894"
},
{
"name" : "21895",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21895"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Binary Board System (BBS) 0.2.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) inreplyto, (2) article, and (3) board parameters to reply.pl, (4) branch, (5) board, and (6) stats.pl parameters to (b) stats.pl, and (7) board parameter to (c) toc.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21895",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21895"
},
{
"name": "http://pridels0.blogspot.com/2005/12/binary-board-system-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/binary-board-system-xss-vuln.html"
},
{
"name": "21894",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21894"
},
{
"name": "21893",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21893"
},
{
"name": "15913",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15913"
}
]
}
}

150
2009/0xxx/CVE-2009-0262.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0262",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7737",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7737"
},
{
"name" : "33221",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33221"
},
{
"name" : "ADV-2009-0097",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0097"
},
{
"name" : "33496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33496"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7737",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7737"
},
{
"name": "33496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33496"
},
{
"name": "33221",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33221"
},
{
"name": "ADV-2009-0097",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0097"
}
]
}
}

570
2009/0xxx/CVE-2009-0580.json
View File

@ -1,287 +1,287 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504045/100/0/threaded"
},
{
"name" : "20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504108/100/0/threaded"
},
{
"name" : "20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504125/100/0/threaded"
},
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "http://svn.apache.org/viewvc?rev=747840&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=747840&view=rev"
},
{
"name" : "http://svn.apache.org/viewvc?rev=781379&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=781379&view=rev"
},
{
"name" : "http://svn.apache.org/viewvc?rev=781382&view=rev",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?rev=781382&view=rev"
},
{
"name" : "http://tomcat.apache.org/security-4.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-4.html"
},
{
"name" : "http://tomcat.apache.org/security-5.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-5.html"
},
{
"name" : "http://tomcat.apache.org/security-6.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-6.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "http://support.apple.com/kb/HT4077",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT4077"
},
{
"name" : "APPLE-SA-2010-03-29-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name" : "DSA-2207",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2011/dsa-2207"
},
{
"name" : "FEDORA-2009-11352",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
},
{
"name" : "FEDORA-2009-11356",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
},
{
"name" : "FEDORA-2009-11374",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
},
{
"name" : "HPSBUX02579",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
},
{
"name" : "SSRT100203",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
},
{
"name" : "HPSBUX02860",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name" : "SSRT101146",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name" : "HPSBMA02535",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name" : "HPSBOV02762",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name" : "SSRT100029",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name" : "SSRT100825",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name" : "MDVSA-2009:136",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
},
{
"name" : "MDVSA-2009:138",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
},
{
"name" : "MDVSA-2010:176",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name" : "263529",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
},
{
"name" : "SUSE-SR:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name" : "35196",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35196"
},
{
"name" : "oval:org.mitre.oval:def:6628",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628"
},
{
"name" : "oval:org.mitre.oval:def:9101",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101"
},
{
"name" : "oval:org.mitre.oval:def:18915",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915"
},
{
"name" : "1022332",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022332"
},
{
"name" : "35326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35326"
},
{
"name" : "35344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35344"
},
{
"name" : "35685",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35685"
},
{
"name" : "35788",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35788"
},
{
"name" : "37460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37460"
},
{
"name" : "42368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/42368"
},
{
"name" : "ADV-2009-1496",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1496"
},
{
"name" : "ADV-2009-1856",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1856"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
},
{
"name" : "ADV-2010-3056",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/3056"
},
{
"name" : "tomcat-jsecuritycheck-info-disclosure(50930)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50930"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the (1) MemoryRealm, (2) DataSourceRealm, and (3) JDBCRealm authentication realms, as demonstrated by a % (percent) value for the j_password parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9101",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9101"
},
{
"name": "http://tomcat.apache.org/security-4.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-4.html"
},
{
"name": "oval:org.mitre.oval:def:18915",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18915"
},
{
"name": "HPSBMA02535",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name": "35326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35326"
},
{
"name": "MDVSA-2009:138",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:138"
},
{
"name": "FEDORA-2009-11356",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01246.html"
},
{
"name": "DSA-2207",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2207"
},
{
"name": "35196",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35196"
},
{
"name": "35344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35344"
},
{
"name": "HPSBUX02860",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name": "37460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37460"
},
{
"name": "ADV-2010-3056",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/3056"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "35788",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35788"
},
{
"name": "20090605 [SECURITY] CVE-2009-0580 UPDATED Apache Tomcat User enumeration vulnerability with FORM authentication",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504125/100/0/threaded"
},
{
"name": "SSRT100029",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=127420533226623&w=2"
},
{
"name": "http://svn.apache.org/viewvc?rev=747840&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=747840&view=rev"
},
{
"name": "20090603 [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504045/100/0/threaded"
},
{
"name": "APPLE-SA-2010-03-29-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html"
},
{
"name": "ADV-2009-1496",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1496"
},
{
"name": "HPSBOV02762",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name": "20090604 Re: [SECURITY] CVE-2009-0580 Apache Tomcat User enumeration vulnerability with FORM authentication",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504108/100/0/threaded"
},
{
"name": "http://svn.apache.org/viewvc?rev=781382&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=781382&view=rev"
},
{
"name": "oval:org.mitre.oval:def:6628",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6628"
},
{
"name": "ADV-2009-1856",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1856"
},
{
"name": "1022332",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022332"
},
{
"name": "MDVSA-2010:176",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:176"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "42368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42368"
},
{
"name": "http://tomcat.apache.org/security-6.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-6.html"
},
{
"name": "http://support.apple.com/kb/HT4077",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT4077"
},
{
"name": "FEDORA-2009-11374",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01156.html"
},
{
"name": "35685",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35685"
},
{
"name": "SSRT100825",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2"
},
{
"name": "FEDORA-2009-11352",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-November/msg01216.html"
},
{
"name": "http://tomcat.apache.org/security-5.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-5.html"
},
{
"name": "SUSE-SR:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html"
},
{
"name": "HPSBUX02579",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
},
{
"name": "tomcat-jsecuritycheck-info-disclosure(50930)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50930"
},
{
"name": "http://svn.apache.org/viewvc?rev=781379&view=rev",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?rev=781379&view=rev"
},
{
"name": "SSRT101146",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=136485229118404&w=2"
},
{
"name": "MDVSA-2009:136",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:136"
},
{
"name": "263529",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-263529-1"
},
{
"name": "SSRT100203",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=129070310906557&w=2"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}

380
2009/0xxx/CVE-2009-0775.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0775",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via \"cloned XUL DOM elements which were linked as a parent and child,\" which are not properly handled during garbage collection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0775",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-08.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-08.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=474456",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=474456"
},
{
"name" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm"
},
{
"name" : "DSA-1751",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1751"
},
{
"name" : "FEDORA-2009-2882",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html"
},
{
"name" : "FEDORA-2009-2884",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html"
},
{
"name" : "MDVSA-2009:075",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075"
},
{
"name" : "RHSA-2009:0258",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0258.html"
},
{
"name" : "RHSA-2009:0315",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0315.html"
},
{
"name" : "RHSA-2009:0325",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0325.html"
},
{
"name" : "SUSE-SA:2009:012",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html"
},
{
"name" : "33990",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33990"
},
{
"name" : "oval:org.mitre.oval:def:5806",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806"
},
{
"name" : "oval:org.mitre.oval:def:5816",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816"
},
{
"name" : "oval:org.mitre.oval:def:6207",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207"
},
{
"name" : "oval:org.mitre.oval:def:7584",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584"
},
{
"name" : "oval:org.mitre.oval:def:9681",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681"
},
{
"name" : "1021796",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021796"
},
{
"name" : "34145",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34145"
},
{
"name" : "34272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34272"
},
{
"name" : "34383",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34383"
},
{
"name" : "34324",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34324"
},
{
"name" : "34417",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34417"
},
{
"name" : "34137",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34137"
},
{
"name" : "34140",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34140"
},
{
"name" : "ADV-2009-0632",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0632"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and SeaMonkey before 1.1.15 allows remote attackers to execute arbitrary code via \"cloned XUL DOM elements which were linked as a parent and child,\" which are not properly handled during garbage collection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2009:0315",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0315.html"
},
{
"name": "SUSE-SA:2009:012",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html"
},
{
"name": "ADV-2009-0632",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0632"
},
{
"name": "1021796",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021796"
},
{
"name": "oval:org.mitre.oval:def:9681",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9681"
},
{
"name": "oval:org.mitre.oval:def:5806",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5806"
},
{
"name": "DSA-1751",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1751"
},
{
"name": "RHSA-2009:0325",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0325.html"
},
{
"name": "oval:org.mitre.oval:def:7584",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7584"
},
{
"name": "RHSA-2009:0258",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0258.html"
},
{
"name": "34140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34140"
},
{
"name": "34272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34272"
},
{
"name": "34417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34417"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-08.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-08.html"
},
{
"name": "34145",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34145"
},
{
"name": "FEDORA-2009-2882",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=474456",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=474456"
},
{
"name": "FEDORA-2009-2884",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html"
},
{
"name": "34137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34137"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm"
},
{
"name": "oval:org.mitre.oval:def:6207",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6207"
},
{
"name": "34324",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34324"
},
{
"name": "MDVSA-2009:075",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075"
},
{
"name": "33990",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33990"
},
{
"name": "oval:org.mitre.oval:def:5816",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5816"
},
{
"name": "34383",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34383"
},
{
"name": "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document"
}
]
}
}

220
2009/0xxx/CVE-2009-0913.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-099.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-099.htm"
},
{
"name" : "253568",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253568-1"
},
{
"name" : "34118",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34118"
},
{
"name" : "52678",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52678"
},
{
"name" : "oval:org.mitre.oval:def:6203",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6203"
},
{
"name" : "1021846",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021846"
},
{
"name" : "34277",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34277"
},
{
"name" : "34456",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34456"
},
{
"name" : "ADV-2009-0717",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0717"
},
{
"name" : "ADV-2009-0817",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0817"
},
{
"name" : "sun-solaris-keysock-dos(49247)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49247"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the keysock kernel module in Solaris 10 and OpenSolaris builds snv_01 through snv_108 allows local users to cause a denial of service (system panic) via unknown vectors related to PF_KEY socket, probably related to setting socket options."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34277",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34277"
},
{
"name": "253568",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-253568-1"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-099.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-099.htm"
},
{
"name": "34118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34118"
},
{
"name": "1021846",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021846"
},
{
"name": "52678",
"refsource": "OSVDB",
"url": "http://osvdb.org/52678"
},
{
"name": "34456",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34456"
},
{
"name": "ADV-2009-0717",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0717"
},
{
"name": "oval:org.mitre.oval:def:6203",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6203"
},
{
"name": "ADV-2009-0817",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0817"
},
{
"name": "sun-solaris-keysock-dos(49247)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49247"
}
]
}
}

170
2009/1xxx/CVE-2009-1025.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1025",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8216",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8216"
},
{
"name" : "34129",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34129"
},
{
"name" : "52779",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52779"
},
{
"name" : "34323",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34323"
},
{
"name" : "ADV-2009-0733",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0733"
},
{
"name" : "phplinkadmin-edlink-sql-injection(49265)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49265"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PHP remote file inclusion vulnerability in linkadmin.php in Beerwin PHPLinkAdmin 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phplinkadmin-edlink-sql-injection(49265)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49265"
},
{
"name": "ADV-2009-0733",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0733"
},
{
"name": "8216",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8216"
},
{
"name": "52779",
"refsource": "OSVDB",
"url": "http://osvdb.org/52779"
},
{
"name": "34129",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34129"
},
{
"name": "34323",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34323"
}
]
}
}

560
2009/1xxx/CVE-2009-1095.json
View File

@ -1,282 +1,282 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1095",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090326 Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=781"
},
{
"name" : "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1",
"refsource" : "MISC",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name" : "DSA-1769",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1769"
},
{
"name" : "GLSA-200911-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name" : "HPSBMA02429",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name" : "SSRT090058",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name" : "HPSBUX02429",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=124344236532162&w=2"
},
{
"name" : "MDVSA-2009:137",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name" : "MDVSA-2009:162",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name" : "RHSA-2009:0392",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name" : "RHSA-2009:0394",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
},
{
"name" : "RHSA-2009:0377",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name" : "RHSA-2009:1038",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
},
{
"name" : "RHSA-2009:1198",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
},
{
"name" : "254570",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254570-1"
},
{
"name" : "1020225",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020225.1-1"
},
{
"name" : "SUSE-SA:2009:016",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name" : "SUSE-SA:2009:029",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"name" : "SUSE-SR:2009:011",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name" : "SUSE-SA:2009:036",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
},
{
"name" : "USN-748-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-748-1"
},
{
"name" : "34240",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34240"
},
{
"name" : "oval:org.mitre.oval:def:10124",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10124"
},
{
"name" : "oval:org.mitre.oval:def:6643",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6643"
},
{
"name" : "1021894",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021894"
},
{
"name" : "34489",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34489"
},
{
"name" : "34495",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34495"
},
{
"name" : "34496",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34496"
},
{
"name" : "34675",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34675"
},
{
"name" : "34632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34632"
},
{
"name" : "35223",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35223"
},
{
"name" : "35156",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35156"
},
{
"name" : "35255",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35255"
},
{
"name" : "35416",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35416"
},
{
"name" : "35776",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35776"
},
{
"name" : "36185",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36185"
},
{
"name" : "37386",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37386"
},
{
"name" : "37460",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37460"
},
{
"name" : "ADV-2009-1426",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name" : "ADV-2009-3316",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2009:036",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00001.html"
},
{
"name": "MDVSA-2009:137",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
},
{
"name": "34632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34632"
},
{
"name": "SSRT090058",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name": "254570",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-254570-1"
},
{
"name": "35156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35156"
},
{
"name": "34675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34675"
},
{
"name": "SUSE-SA:2009:029",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00003.html"
},
{
"name": "35776",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35776"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-109.htm"
},
{
"name": "37460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37460"
},
{
"name": "34489",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34489"
},
{
"name": "GLSA-200911-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200911-02.xml"
},
{
"name": "RHSA-2009:1038",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1038.html"
},
{
"name": "RHSA-2009:1198",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1198.html"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0016.html"
},
{
"name": "oval:org.mitre.oval:def:10124",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10124"
},
{
"name": "HPSBUX02429",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=124344236532162&w=2"
},
{
"name": "RHSA-2009:0394",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0394.html"
},
{
"name": "20090326 Sun Java Runtime Environment (JRE) Pack200 Decompression Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=781"
},
{
"name": "34495",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34495"
},
{
"name": "36185",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36185"
},
{
"name": "RHSA-2009:0377",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
},
{
"name": "35255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35255"
},
{
"name": "ADV-2009-1426",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1426"
},
{
"name": "1021894",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021894"
},
{
"name": "SUSE-SR:2009:011",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html"
},
{
"name": "1020225",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020225.1-1"
},
{
"name": "MDVSA-2009:162",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
},
{
"name": "20091120 VMSA-2009-0016 VMware vCenter and ESX update release and vMA patch release address multiple security issue in third party components",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507985/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:6643",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6643"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html"
},
{
"name": "RHSA-2009:0392",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0392.html"
},
{
"name": "35223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35223"
},
{
"name": "34240",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34240"
},
{
"name": "34496",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34496"
},
{
"name": "HPSBMA02429",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01745133"
},
{
"name": "USN-748-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-748-1"
},
{
"name": "DSA-1769",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1769"
},
{
"name": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1",
"refsource": "MISC",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-21-125137-14-1"
},
{
"name": "35416",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35416"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-108.htm"
},
{
"name": "37386",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37386"
},
{
"name": "SUSE-SA:2009:016",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00001.html"
},
{
"name": "ADV-2009-3316",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3316"
}
]
}
}

170
2009/1xxx/CVE-2009-1292.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1292",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1292",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PK75832",
"refsource" : "AIXAPAR",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832"
},
{
"name" : "34483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34483"
},
{
"name" : "1022035",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022035"
},
{
"name" : "34689",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34689"
},
{
"name" : "ADV-2009-1017",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1017"
},
{
"name" : "clearcase-ucmcq-information-disclosure(49836)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49836"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x before 7.0.1.4, and 7.1.x before 7.1.0.1 on Linux and AIX places a username and password on the command line, which allows local users to obtain credentials by listing the process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34483"
},
{
"name": "PK75832",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PK75832"
},
{
"name": "34689",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34689"
},
{
"name": "clearcase-ucmcq-information-disclosure(49836)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49836"
},
{
"name": "ADV-2009-1017",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1017"
},
{
"name": "1022035",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022035"
}
]
}
}

600
2009/1xxx/CVE-2009-1392.json
View File

@ -1,302 +1,302 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1392",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1392",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-24.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-24.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=380359",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=380359"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=429969",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=429969"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=431086",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=431086"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=432068",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=432068"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=451341",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=451341"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472776",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=472776"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=486398",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=486398"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489041",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=489041"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490410",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490410"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490425",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490425"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490513",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=490513"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=503568",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=503568"
},
{
"name" : "DSA-1820",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1820"
},
{
"name" : "DSA-1830",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1830"
},
{
"name" : "FEDORA-2009-6366",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html"
},
{
"name" : "FEDORA-2009-6411",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html"
},
{
"name" : "MDVSA-2009:141",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
},
{
"name" : "RHSA-2009:1095",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1095.html"
},
{
"name" : "RHSA-2009:1096",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2009-1096.html"
},
{
"name" : "RHSA-2009:1125",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
},
{
"name" : "RHSA-2009:1126",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
},
{
"name" : "SSA:2009-167-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468"
},
{
"name" : "SSA:2009-176-01",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408"
},
{
"name" : "SSA:2009-178-01",
"refsource" : "SLACKWARE",
"url" : "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275"
},
{
"name" : "265068",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1"
},
{
"name" : "1020800",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1"
},
{
"name" : "USN-782-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-782-1"
},
{
"name" : "35326",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35326"
},
{
"name" : "35370",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35370"
},
{
"name" : "55144",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55144"
},
{
"name" : "55145",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55145"
},
{
"name" : "55146",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55146"
},
{
"name" : "55147",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55147"
},
{
"name" : "oval:org.mitre.oval:def:9501",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9501"
},
{
"name" : "1022376",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022376"
},
{
"name" : "1022397",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022397"
},
{
"name" : "35331",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35331"
},
{
"name" : "35428",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35428"
},
{
"name" : "35431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35431"
},
{
"name" : "35439",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35439"
},
{
"name" : "35440",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35440"
},
{
"name" : "35468",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35468"
},
{
"name" : "35536",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35536"
},
{
"name" : "35415",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35415"
},
{
"name" : "35561",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35561"
},
{
"name" : "35602",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35602"
},
{
"name" : "ADV-2009-1572",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1572"
},
{
"name" : "ADV-2009-2152",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2152"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "265068",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-265068-1"
},
{
"name": "ADV-2009-1572",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1572"
},
{
"name": "RHSA-2009:1096",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2009-1096.html"
},
{
"name": "1020800",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020800.1-1"
},
{
"name": "SSA:2009-178-01",
"refsource": "SLACKWARE",
"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.454275"
},
{
"name": "DSA-1830",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1830"
},
{
"name": "35536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35536"
},
{
"name": "35602",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35602"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=490410",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=490410"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=451341",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=451341"
},
{
"name": "RHSA-2009:1125",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1125.html"
},
{
"name": "35326",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35326"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=429969",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=429969"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=489041",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=489041"
},
{
"name": "oval:org.mitre.oval:def:9501",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9501"
},
{
"name": "35370",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35370"
},
{
"name": "55145",
"refsource": "OSVDB",
"url": "http://osvdb.org/55145"
},
{
"name": "35440",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35440"
},
{
"name": "FEDORA-2009-6411",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00657.html"
},
{
"name": "USN-782-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-782-1"
},
{
"name": "55147",
"refsource": "OSVDB",
"url": "http://osvdb.org/55147"
},
{
"name": "35428",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35428"
},
{
"name": "35431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35431"
},
{
"name": "35331",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35331"
},
{
"name": "35468",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35468"
},
{
"name": "ADV-2009-2152",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2152"
},
{
"name": "35439",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35439"
},
{
"name": "FEDORA-2009-6366",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00574.html"
},
{
"name": "MDVSA-2009:141",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:141"
},
{
"name": "55144",
"refsource": "OSVDB",
"url": "http://osvdb.org/55144"
},
{
"name": "55146",
"refsource": "OSVDB",
"url": "http://osvdb.org/55146"
},
{
"name": "35415",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35415"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=432068",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=432068"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=490425",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=490425"
},
{
"name": "RHSA-2009:1095",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1095.html"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=380359",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=380359"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=490513",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=490513"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=503568",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=503568"
},
{
"name": "1022376",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022376"
},
{
"name": "SSA:2009-167-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.372468"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=486398",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=486398"
},
{
"name": "35561",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35561"
},
{
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-24.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-24.html"
},
{
"name": "SSA:2009-176-01",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.425408"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=431086",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=431086"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=472776",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=472776"
},
{
"name": "DSA-1820",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1820"
},
{
"name": "RHSA-2009:1126",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1126.html"
},
{
"name": "1022397",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022397"
}
]
}
}

170
2009/4xxx/CVE-2009-4888.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4888",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0903-exploits/phortail-xss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0903-exploits/phortail-xss.txt"
},
{
"name" : "34038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34038"
},
{
"name" : "52502",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/52502"
},
{
"name" : "34203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34203"
},
{
"name" : "ADV-2009-0631",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0631"
},
{
"name" : "phortail-poster-xss(49143)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49143"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in poster.php in PHortail 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) ti, and (4) txt parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34203"
},
{
"name": "34038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34038"
},
{
"name": "ADV-2009-0631",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0631"
},
{
"name": "52502",
"refsource": "OSVDB",
"url": "http://osvdb.org/52502"
},
{
"name": "http://packetstormsecurity.org/0903-exploits/phortail-xss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0903-exploits/phortail-xss.txt"
},
{
"name": "phortail-poster-xss(49143)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49143"
}
]
}
}

150
2012/2xxx/CVE-2012-2062.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2062",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2062",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/07/1"
},
{
"name" : "http://drupal.org/node/1482126",
"refsource" : "MISC",
"url" : "http://drupal.org/node/1482126"
},
{
"name" : "52502",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/52502"
},
{
"name" : "redirecting-drupal-open-redirect(74059)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74059"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open redirect vulnerability in the Redirecting click bouncer module for Drupal allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/1482126",
"refsource": "MISC",
"url": "http://drupal.org/node/1482126"
},
{
"name": "52502",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/52502"
},
{
"name": "redirecting-drupal-open-redirect(74059)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74059"
},
{
"name": "[oss-security] 20120406 CVE's for Drupal Contrib 2012 001 through 057 (67 new CVE assignments)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/07/1"
}
]
}
}

190
2012/2xxx/CVE-2012-2112.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2112",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[TYPO3-announce] 20120417 Announcing TYPO3 4.4.15, 4.5.15 and 4.6.8",
"refsource" : "MLIST",
"url" : "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html"
},
{
"name" : "[TYPO3-announce] 20120417 Cross-Site Scripting Vulnerability in TYPO3 Core",
"refsource" : "MLIST",
"url" : "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html"
},
{
"name" : "[oss-security] 20120417 CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/17/5"
},
{
"name" : "[oss-security] 20120417 Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/04/18/1"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/"
},
{
"name" : "DSA-2455",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2012/dsa-2455"
},
{
"name" : "53047",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53047"
},
{
"name" : "exceptionhandler-exceptionmessages-xss(74920)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Exception Handler in TYPO3 4.4.x before 4.4.15, 4.5.x before 4.5.15, 4.6.x before 4.6.8, and 4.7 allows remote attackers to inject arbitrary web script or HTML via exception messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[TYPO3-announce] 20120417 Cross-Site Scripting Vulnerability in TYPO3 Core",
"refsource": "MLIST",
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000241.html"
},
{
"name": "exceptionhandler-exceptionmessages-xss(74920)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74920"
},
{
"name": "53047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53047"
},
{
"name": "[TYPO3-announce] 20120417 Announcing TYPO3 4.4.15, 4.5.15 and 4.6.8",
"refsource": "MLIST",
"url": "http://lists.typo3.org/pipermail/typo3-announce/2012/000242.html"
},
{
"name": "[oss-security] 20120417 CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/17/5"
},
{
"name": "[oss-security] 20120417 Re: CVE-request: TYPO3-CORE-SA-2012-002 XSS in TYPO3 Core",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/04/18/1"
},
{
"name": "DSA-2455",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2012/dsa-2455"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/"
}
]
}
}

140
2012/2xxx/CVE-2012-2271.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18892",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18892/"
},
{
"name" : "53611",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53611"
},
{
"name" : "82086",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82086"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "82086",
"refsource": "OSVDB",
"url": "http://osvdb.org/82086"
},
{
"name": "53611",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53611"
},
{
"name": "18892",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18892/"
}
]
}
}

150
2012/2xxx/CVE-2012-2413.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2413",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2413",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120503 [waraxe-2012-SA#087] - Reflected XSS in Joomla 1.5.26 \"ja_purity\" template",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-05/0021.html"
},
{
"name" : "http://www.waraxe.us/advisory-87.html",
"refsource" : "MISC",
"url" : "http://www.waraxe.us/advisory-87.html"
},
{
"name" : "53382",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53382"
},
{
"name" : "joomla-modules-xss(75398)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75398"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ja_purity template for Joomla! 1.5.26 and earlier allows remote attackers to inject arbitrary web script or HTML via the Mod* cookie parameter to html/modules.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.waraxe.us/advisory-87.html",
"refsource": "MISC",
"url": "http://www.waraxe.us/advisory-87.html"
},
{
"name": "53382",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53382"
},
{
"name": "joomla-modules-xss(75398)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75398"
},
{
"name": "20120503 [waraxe-2012-SA#087] - Reflected XSS in Joomla 1.5.26 \"ja_purity\" template",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0021.html"
}
]
}
}

140
2012/2xxx/CVE-2012-2913.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2913",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2913",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html"
},
{
"name" : "53526",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53526"
},
{
"name" : "leaflet-admin-xss(75628)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75628"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet plugin 0.0.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) leaflet_layer.php or (2) leaflet_marker.php, as reachable through wp-admin/admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112699/WordPress-Leaflet-0.0.1-Cross-Site-Scripting.html"
},
{
"name": "leaflet-admin-xss(75628)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75628"
},
{
"name": "53526",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53526"
}
]
}
}

200
2012/2xxx/CVE-2012-2922.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2922",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120510 Drupal 7.14 <= Full Path Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-05/0052.html"
},
{
"name" : "20120510 Drupal 7.14 <= Full Path Disclosure Vulnerability (Update)",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-05/0053.html"
},
{
"name" : "20120510 Re: Drupal 7.14 <= Full Path Disclosure Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-05/0055.html"
},
{
"name" : "[oss-security] 20120802 Re: CVE Request for Drupal contributed modules",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/08/02/8"
},
{
"name" : "MDVSA-2013:074",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074"
},
{
"name" : "53454",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53454"
},
{
"name" : "81817",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/81817"
},
{
"name" : "49131",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49131"
},
{
"name" : "drupal-index-path-disclosure(75531)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75531"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installation path in an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "81817",
"refsource": "OSVDB",
"url": "http://osvdb.org/81817"
},
{
"name": "drupal-index-path-disclosure(75531)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75531"
},
{
"name": "20120510 Drupal 7.14 <= Full Path Disclosure Vulnerability (Update)",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0053.html"
},
{
"name": "MDVSA-2013:074",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:074"
},
{
"name": "49131",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49131"
},
{
"name": "53454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53454"
},
{
"name": "20120510 Drupal 7.14 <= Full Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0052.html"
},
{
"name": "20120510 Re: Drupal 7.14 <= Full Path Disclosure Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-05/0055.html"
},
{
"name": "[oss-security] 20120802 Re: CVE Request for Drupal contributed modules",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/08/02/8"
}
]
}
}

34
2012/3xxx/CVE-2012-3101.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3101",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-3101",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

210
2012/3xxx/CVE-2012-3386.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3386",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3386",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck'",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
},
{
"name" : "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"name" : "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"name" : "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76",
"refsource" : "CONFIRM",
"url" : "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"name" : "FEDORA-2012-14297",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
},
{
"name" : "FEDORA-2012-14349",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"name" : "FEDORA-2012-14770",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"name" : "MDVSA-2012:103",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"name" : "RHSA-2013:0526",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"name" : "openSUSE-SU-2012:1519",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"make distcheck\" rule in GNU Automake before 1.11.6 and 1.12.x before 1.12.2 grants world-writable permissions to the extraction directory, which introduces a race condition that allows local users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2012-14770",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-October/089187.html"
},
{
"name": "MDVSA-2012:103",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:103"
},
{
"name": "openSUSE-SU-2012:1519",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-11/msg00038.html"
},
{
"name": "FEDORA-2012-14349",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087538.html"
},
{
"name": "RHSA-2013:0526",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0526.html"
},
{
"name": "[automake] 20120709 GNU Automake 1.11.6 released (fixes a SECURITY VULNERABILITY!)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00021.html"
},
{
"name": "[automake] 20120709 GNU Automake 1.12.2 released (fixes a SECURITY VULNERABILITY!)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00022.html"
},
{
"name": "[automake] 20120709 CVE-2012-3386 Automake security fix for 'make distcheck'",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/automake/2012-07/msg00023.html"
},
{
"name": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76",
"refsource": "CONFIRM",
"url": "http://git.savannah.gnu.org/cgit/automake.git/commit/?id=784b3e6ccc7c72a1c95c340cbbe8897d6b689d76"
},
{
"name": "FEDORA-2012-14297",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087665.html"
}
]
}
}

190
2012/3xxx/CVE-2012-3675.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3675",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2012-3675",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.apple.com/kb/HT5485",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5485"
},
{
"name" : "http://support.apple.com/kb/HT5502",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT5502"
},
{
"name" : "APPLE-SA-2012-09-12-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2012-09-19-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name" : "55534",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55534"
},
{
"name" : "85373",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85373"
},
{
"name" : "oval:org.mitre.oval:def:17144",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17144"
},
{
"name" : "apple-itunes-webkit-cve20123675(78551)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78551"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2012-09-19-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00005.html"
},
{
"name": "http://support.apple.com/kb/HT5485",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5485"
},
{
"name": "oval:org.mitre.oval:def:17144",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17144"
},
{
"name": "http://support.apple.com/kb/HT5502",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT5502"
},
{
"name": "55534",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55534"
},
{
"name": "apple-itunes-webkit-cve20123675(78551)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78551"
},
{
"name": "APPLE-SA-2012-09-12-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html"
},
{
"name": "85373",
"refsource": "OSVDB",
"url": "http://osvdb.org/85373"
}
]
}
}

130
2012/3xxx/CVE-2012-3923.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3923",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2012-3923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html",
"refsource" : "CONFIRM",
"url" : "http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html"
},
{
"name" : "ciscoios-sslvpn-dtls-dos(78670)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78670"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, when DTLS is not enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a PPP over ATM (PPPoA) interface, aka Bug ID CSCte41827."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/ios/15_2m_and_t/release/notes/152-1TCAVS.html"
},
{
"name": "ciscoios-sslvpn-dtls-dos(78670)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78670"
}
]
}
}

140
2012/4xxx/CVE-2012-4325.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4325",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4325",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18720",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18720"
},
{
"name" : "80986",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80986"
},
{
"name" : "utopianewspro-users-csrf(74760)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in upload/users.php in Utopia News Pro (UNP) 1.4.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18720",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18720"
},
{
"name": "80986",
"refsource": "OSVDB",
"url": "http://osvdb.org/80986"
},
{
"name": "utopianewspro-users-csrf(74760)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74760"
}
]
}
}

160
2012/4xxx/CVE-2012-4502.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4502",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-4502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[chrony-announce] 20130808 chrony-1.29 released (security)",
"refsource" : "MLIST",
"url" : "http://permalink.gmane.org/gmane.comp.time.chrony.announce/15"
},
{
"name" : "[oss-security] 20130809 [Not a CVE request, just notification] CVE-2012-4502, CVE-2012-4503 -- Two security flaws fixed in Chrony v1.29",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2013/q3/332"
},
{
"name" : "http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1",
"refsource" : "CONFIRM",
"url" : "http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=846392",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=846392"
},
{
"name" : "DSA-2760",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2013/dsa-2760"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in pktlength.c in Chrony before 1.29 allow remote attackers to cause a denial of service (crash) via a crafted (1) REQ_SUBNETS_ACCESSED or (2) REQ_CLIENT_ACCESSES command request to the PKL_CommandLength function or crafted (3) RPY_SUBNETS_ACCESSED, (4) RPY_CLIENT_ACCESSES, (5) RPY_CLIENT_ACCESSES_BY_INDEX, or (6) RPY_MANUAL_LIST command reply to the PKL_ReplyLength function, which triggers an out-of-bounds read or buffer overflow. NOTE: versions 1.27 and 1.28 do not require authentication to exploit."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[chrony-announce] 20130808 chrony-1.29 released (security)",
"refsource": "MLIST",
"url": "http://permalink.gmane.org/gmane.comp.time.chrony.announce/15"
},
{
"name": "DSA-2760",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2013/dsa-2760"
},
{
"name": "[oss-security] 20130809 [Not a CVE request, just notification] CVE-2012-4502, CVE-2012-4503 -- Two security flaws fixed in Chrony v1.29",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2013/q3/332"
},
{
"name": "http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1",
"refsource": "CONFIRM",
"url": "http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=846392",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=846392"
}
]
}
}

120
2012/6xxx/CVE-2012-6047.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6047",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6047",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "18850",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18850"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that add a user to an arbitrary group via the users page in an adminpanel action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18850",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18850"
}
]
}
}

180
2012/6xxx/CVE-2012-6517.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6517",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120426 DIY CMS v1.0 Poll - Multiple Web Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0213.html"
},
{
"name" : "18804",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18804"
},
{
"name" : "http://packetstormsecurity.org/files/112224/DIY-CMS-1.0-Poll-XSS-CSRF-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/112224/DIY-CMS-1.0-Poll-XSS-CSRF-SQL-Injection.html"
},
{
"name" : "http://www.vulnerability-lab.com/get_content.php?id=518",
"refsource" : "MISC",
"url" : "http://www.vulnerability-lab.com/get_content.php?id=518"
},
{
"name" : "53266",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53266"
},
{
"name" : "81561",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/81561"
},
{
"name" : "diycms-multiple-xss(75229)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75229"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to in /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18804",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18804"
},
{
"name": "diycms-multiple-xss(75229)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75229"
},
{
"name": "20120426 DIY CMS v1.0 Poll - Multiple Web Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0213.html"
},
{
"name": "53266",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53266"
},
{
"name": "http://www.vulnerability-lab.com/get_content.php?id=518",
"refsource": "MISC",
"url": "http://www.vulnerability-lab.com/get_content.php?id=518"
},
{
"name": "81561",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/81561"
},
{
"name": "http://packetstormsecurity.org/files/112224/DIY-CMS-1.0-Poll-XSS-CSRF-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/112224/DIY-CMS-1.0-Poll-XSS-CSRF-SQL-Injection.html"
}
]
}
}

120
2012/6xxx/CVE-2012-6566.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6566",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf",
"refsource" : "CONFIRM",
"url" : "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf",
"refsource": "CONFIRM",
"url": "http://ctsi.psu.edu/wp-content/uploads/2013/03/REDCap-Release-Notes-Version5.pdf"
}
]
}
}

190
2015/5xxx/CVE-2015-5788.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2015-5788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://support.apple.com/HT205212",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205212"
},
{
"name" : "https://support.apple.com/HT205265",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205265"
},
{
"name" : "APPLE-SA-2015-09-16-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name" : "APPLE-SA-2015-09-30-2",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name" : "openSUSE-SU-2016:0915",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"
},
{
"name" : "USN-2937-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2937-1"
},
{
"name" : "76766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76766"
},
{
"name" : "1033609",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033609"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The WebKit Canvas implementation in Apple iOS before 9 allows remote attackers to bypass the Same Origin Policy and obtain sensitive image information via vectors involving a CANVAS element."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76766"
},
{
"name": "https://support.apple.com/HT205265",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205265"
},
{
"name": "APPLE-SA-2015-09-30-2",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00007.html"
},
{
"name": "openSUSE-SU-2016:0915",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
},
{
"name": "USN-2937-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2937-1"
}
]
}
}

140
2017/2xxx/CVE-2017-2174.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2174",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Empirical Project Monitor - eXtended",
"version" : {
"version_data" : [
{
"version_value" : "all versions"
}
]
}
}
]
},
"vendor_name" : "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Cross-site scripting"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2174",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Empirical Project Monitor - eXtended",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "INFORMATION-TECHNOLOGY PROMOTION AGENCY, JAPAN (IPA)"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ipa.go.jp/sec/info/20170519.html",
"refsource" : "CONFIRM",
"url" : "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name" : "JVN#11326581",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN11326581/index.html"
},
{
"name" : "JVNDB-2017-000097",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Empirical Project Monitor - eXtended all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2017-000097",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2017-000097"
},
{
"name": "https://www.ipa.go.jp/sec/info/20170519.html",
"refsource": "CONFIRM",
"url": "https://www.ipa.go.jp/sec/info/20170519.html"
},
{
"name": "JVN#11326581",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN11326581/index.html"
}
]
}
}

130
2017/2xxx/CVE-2017-2326.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sirt@juniper.net",
"ID" : "CVE-2017-2326",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "NorthStar Controller Application",
"version" : {
"version_data" : [
{
"version_value" : "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name" : "Juniper Networks"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "information disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "sirt@juniper.net",
"ID": "CVE-2017-2326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "NorthStar Controller Application",
"version": {
"version_data": [
{
"version_value": "prior to version 2.1.0 Service Pack 1"
}
]
}
}
]
},
"vendor_name": "Juniper Networks"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kb.juniper.net/JSA10783",
"refsource" : "CONFIRM",
"url" : "https://kb.juniper.net/JSA10783"
},
{
"name" : "97691",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/97691"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Juniper Networks NorthStar Controller Application prior to version 2.1.0 Service Pack 1 may allow an unprivileged, authenticated, network-based attacker to replicate the underlying Junos OS VM and all data it maintains to their local system for future analysis."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "97691",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/97691"
},
{
"name": "https://kb.juniper.net/JSA10783",
"refsource": "CONFIRM",
"url": "https://kb.juniper.net/JSA10783"
}
]
}
}

140
2018/11xxx/CVE-2018-11270.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11270",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Double Free in Wired Connectivity"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=d475e1aba3f8be3b135199014549ff9d5c315e1d",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=d475e1aba3f8be3b135199014549ff9d5c315e1d"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Double Free in Wired Connectivity"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components"
},
{
"name": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=d475e1aba3f8be3b135199014549ff9d5c315e1d",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=d475e1aba3f8be3b135199014549ff9d5c315e1d"
}
]
}
}

130
2018/14xxx/CVE-2018-14269.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "zdi-disclosures@trendmicro.com",
"ID" : "CVE-2018-14269",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Foxit Reader",
"version" : {
"version_data" : [
{
"version_value" : "9.0.1.1049"
}
]
}
}
]
},
"vendor_name" : "Foxit"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6032."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
"CVE_data_meta": {
"ASSIGNER": "zdi-disclosures@trendmicro.com",
"ID": "CVE-2018-14269",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Foxit Reader",
"version": {
"version_data": [
{
"version_value": "9.0.1.1049"
}
]
}
}
]
},
"vendor_name": "Foxit"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://zerodayinitiative.com/advisories/ZDI-18-729",
"refsource" : "MISC",
"url" : "https://zerodayinitiative.com/advisories/ZDI-18-729"
},
{
"name" : "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource" : "CONFIRM",
"url" : "https://www.foxitsoftware.com/support/security-bulletins.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the print method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6032."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-843-Access of Resource Using Incompatible Type ('Type Confusion')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.foxitsoftware.com/support/security-bulletins.php",
"refsource": "CONFIRM",
"url": "https://www.foxitsoftware.com/support/security-bulletins.php"
},
{
"name": "https://zerodayinitiative.com/advisories/ZDI-18-729",
"refsource": "MISC",
"url": "https://zerodayinitiative.com/advisories/ZDI-18-729"
}
]
}
}

200
2018/14xxx/CVE-2018-14622.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "sfowler@redhat.com",
"ID" : "CVE-2018-14622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "libtirpc",
"version" : {
"version_data" : [
{
"version_value" : "0.3.3-rc3"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-476"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libtirpc",
"version": {
"version_data": [
{
"version_value": "0.3.3-rc3"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180831 [SECURITY] [DLA 1487-1] libtirpc security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html"
},
{
"name" : "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0",
"refsource" : "CONFIRM",
"url" : "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=968175",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=968175"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622"
},
{
"name" : "RHBA-2017:1991",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHBA-2017:1991"
},
{
"name" : "USN-3759-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3759-1/"
},
{
"name" : "USN-3759-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3759-2/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A null-pointer dereference vulnerability was found in libtirpc before version 0.3.3-rc3. The return value of makefd_xprt() was not checked in all instances, which could lead to a crash when the server exhausted the maximum number of available file descriptors. A remote attacker could cause an rpc-based application to crash by flooding it with new connections."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-476"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3759-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3759-2/"
},
{
"name": "USN-3759-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3759-1/"
},
{
"name": "RHBA-2017:1991",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHBA-2017:1991"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=968175",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=968175"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14622"
},
{
"name": "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0",
"refsource": "CONFIRM",
"url": "http://git.linux-nfs.org/?p=steved/libtirpc.git;a=commit;h=1c77f7a869bdea2a34799d774460d1f9983d45f0"
},
{
"name": "[debian-lts-announce] 20180831 [SECURITY] [DLA 1487-1] libtirpc security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00034.html"
}
]
}
}

34
2018/14xxx/CVE-2018-14761.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14761",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14761",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

178
2018/15xxx/CVE-2018-15453.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@cisco.com",
"DATE_PUBLIC" : "2019-01-09T16:00:00-0800",
"ID" : "CVE-2018-15453",
"STATE" : "PUBLIC",
"TITLE" : "Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Cisco Email Security Appliance (ESA) ",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Cisco"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA."
}
]
},
"exploit" : [
{
"lang" : "eng",
"value" : "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact" : {
"cvss" : {
"baseScore" : "8.6",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2019-01-09T16:00:00-0800",
"ID": "CVE-2018-15453",
"STATE": "PUBLIC",
"TITLE": "Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco Email Security Appliance (ESA) ",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20190109 Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos"
},
{
"name" : "106511",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106511"
}
]
},
"source" : {
"advisory" : "cisco-sa-20190109-esa-dos",
"defect" : [
[
"CSCvk73786"
]
],
"discovery" : "INTERNAL"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause an affected device to corrupt system memory. A successful exploit could cause the filtering process to unexpectedly reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to improper input validation of S/MIME-signed emails. An attacker could exploit this vulnerability by sending a malicious S/MIME-signed email through a targeted device. If Decryption and Verification or Public Key Harvesting is configured, the filtering process could crash due to memory corruption and restart, resulting in a DoS condition. The software could then resume processing the same S/MIME-signed email, causing the filtering process to crash and restart again. A successful exploit could allow the attacker to cause a permanent DoS condition. This vulnerability may require manual intervention to recover the ESA."
}
]
},
"exploit": [
{
"lang": "eng",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "
}
],
"impact": {
"cvss": {
"baseScore": "8.6",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H ",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20190109 Cisco Email Security Appliance Memory Corruption Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-esa-dos"
},
{
"name": "106511",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106511"
}
]
},
"source": {
"advisory": "cisco-sa-20190109-esa-dos",
"defect": [
[
"CSCvk73786"
]
],
"discovery": "INTERNAL"
}
}

120
2018/15xxx/CVE-2018-15562.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15562",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15562",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/149109/CMS-ISWEB-3.5.3-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/149109/CMS-ISWEB-3.5.3-Cross-Site-Scripting.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/149109/CMS-ISWEB-3.5.3-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/149109/CMS-ISWEB-3.5.3-Cross-Site-Scripting.html"
}
]
}
}

120
2018/15xxx/CVE-2018-15564.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15564",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/daveismyname/simple-cms/issues/4",
"refsource" : "MISC",
"url" : "https://github.com/daveismyname/simple-cms/issues/4"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/daveismyname/simple-cms/issues/4",
"refsource": "MISC",
"url": "https://github.com/daveismyname/simple-cms/issues/4"
}
]
}
}

122
2018/15xxx/CVE-2018-15696.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnreport@tenable.com",
"DATE_PUBLIC" : "2018-08-24T00:00:00",
"ID" : "CVE-2018-15696",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "ASUSTOR Data Master",
"version" : {
"version_data" : [
{
"version_value" : "3.1.5 and below"
}
]
}
}
]
},
"vendor_name" : "Tenable"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Insufficient Protections"
}
"CVE_data_meta": {
"ASSIGNER": "vulnreport@tenable.com",
"DATE_PUBLIC": "2018-08-24T00:00:00",
"ID": "CVE-2018-15696",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ASUSTOR Data Master",
"version": {
"version_data": [
{
"version_value": "3.1.5 and below"
}
]
}
}
]
},
"vendor_name": "Tenable"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.tenable.com/security/research/tra-2018-22",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-22"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Protections"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.tenable.com/security/research/tra-2018-22",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-22"
}
]
}
}

120
2018/3xxx/CVE-2018-3667.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"ID" : "CVE-2018-3667",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Intel Processor Diagnostic Tool",
"version" : {
"version_data" : [
{
"version_value" : "4.1.0.24"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege escalation"
}
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"ID": "CVE-2018-3667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Intel Processor Diagnostic Tool",
"version": {
"version_data": [
{
"version_value": "4.1.0.24"
}
]
}
}
]
},
"vendor_name": "Intel Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Installation tool IPDT (Intel Processor Diagnostic Tool) 4.1.0.24 sets permissions of installed files incorrectly, allowing for execution of arbitrary code and potential privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00140.html"
}
]
}
}

120
2018/8xxx/CVE-2018-8001.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1549469",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1549469"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName() in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1549469",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549469"
}
]
}
}

230
2018/8xxx/CVE-2018-8165.json
View File

@ -1,117 +1,117 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8165",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8165"
},
{
"name" : "104038",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory, aka \"DirectX Graphics Kernel Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104038",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104038"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8165",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8165"
}
]
}
}

204
2018/8xxx/CVE-2018-8219.json
View File

@ -1,104 +1,104 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8219",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka \"Hypervisor Code Integrity Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8219",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8219",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8219"
},
{
"name" : "104353",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104353"
},
{
"name" : "1041096",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041096"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Windows Hyper-V instruction emulation fails to properly enforce privilege levels, aka \"Hypervisor Code Integrity Elevation of Privilege Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104353"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8219",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8219"
},
{
"name": "1041096",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041096"
}
]
}
}

188
2018/8xxx/CVE-2018-8379.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8379",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Excel",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2013 RT Service Pack 1"
},
{
"version_value" : "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value" : "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value" : "2016 (32-bit edition)"
},
{
"version_value" : "2016 (64-bit edition)"
},
{
"version_value" : "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value" : "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8379",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Excel",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
},
{
"version_value": "2016 Click-to-Run (C2R) for 32-bit editions"
},
{
"version_value": "2016 Click-to-Run (C2R) for 64-bit editions"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8379",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8379"
},
{
"name" : "104997",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104997"
},
{
"name" : "1041463",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041463"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka \"Microsoft Excel Remote Code Execution Vulnerability.\" This affects Microsoft Excel. This CVE ID is unique from CVE-2018-8375."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104997",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104997"
},
{
"name": "1041463",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041463"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8379",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8379"
}
]
}
}

120
2018/8xxx/CVE-2018-8765.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222018."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/0x00222018",
"refsource" : "MISC",
"url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/0x00222018"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00222018."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/0x00222018",
"refsource": "MISC",
"url": "https://github.com/D0neMkj/POC_BSOD/tree/master/2345%20security%20guard/0x00222018"
}
]
}
}

140
2018/8xxx/CVE-2018-8804.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/1025",
"refsource" : "CONFIRM",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/1025"
},
{
"name" : "USN-3681-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3681-1/"
},
{
"name" : "103498",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103498"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote attackers to cause a denial of service (MagickCore/memory.c double free and application crash) or possibly have unspecified other impact via a crafted file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "103498",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103498"
},
{
"name": "USN-3681-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3681-1/"
},
{
"name": "https://github.com/ImageMagick/ImageMagick/issues/1025",
"refsource": "CONFIRM",
"url": "https://github.com/ImageMagick/ImageMagick/issues/1025"
}
]
}
}