admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 23:05:29 +00:00
parent eaac658efd
commit 799b27bcf6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
44 changed files with 2922 additions and 2922 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

120
1999/0xxx/CVE-1999-0018.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0018",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in statd allows root privileges."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0018",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "127",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/127"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in statd allows root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "127",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/127"
}
]
}
}

150
1999/0xxx/CVE-1999-0593.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-0593",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.microsoft.com/technet/archive/winntas/deploy/confeat/06wntpcc.mspx?mfr=true",
"refsource" : "MISC",
"url" : "http://www.microsoft.com/technet/archive/winntas/deploy/confeat/06wntpcc.mspx?mfr=true"
},
{
"name" : "http://technet.microsoft.com/en-us/library/cc722469.aspx",
"refsource" : "CONFIRM",
"url" : "http://technet.microsoft.com/en-us/library/cc722469.aspx"
},
{
"name" : "59333",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/59333"
},
{
"name" : "nt-shutdown-without-logon(1291)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/1291"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default setting for the Winlogon key entry ShutdownWithoutLogon in Windows NT allows users with physical access to shut down a Windows NT system without logging in."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "59333",
"refsource": "OSVDB",
"url": "http://osvdb.org/59333"
},
{
"name": "nt-shutdown-without-logon(1291)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/1291"
},
{
"name": "http://www.microsoft.com/technet/archive/winntas/deploy/confeat/06wntpcc.mspx?mfr=true",
"refsource": "MISC",
"url": "http://www.microsoft.com/technet/archive/winntas/deploy/confeat/06wntpcc.mspx?mfr=true"
},
{
"name": "http://technet.microsoft.com/en-us/library/cc722469.aspx",
"refsource": "CONFIRM",
"url": "http://technet.microsoft.com/en-us/library/cc722469.aspx"
}
]
}
}

140
1999/1xxx/CVE-1999-1501.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-1999-1501",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "19980408 SGI O2 ipx security issue",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=89217373930054&w=2"
},
{
"name" : "70",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/70"
},
{
"name" : "71",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "(1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear the IFS environmental variable before executing system calls, which allows local users to execute arbitrary commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19980408 SGI O2 ipx security issue",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=89217373930054&w=2"
},
{
"name": "70",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70"
},
{
"name": "71",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71"
}
]
}
}

270
2005/2xxx/CVE-2005-2267.json
View File

@ -1,137 +1,137 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2267",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-2267",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.mozilla.org/security/announce/mfsa2005-53.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/mfsa2005-53.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=298255",
"refsource" : "MISC",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=298255"
},
{
"name" : "FLSA:160202",
"refsource" : "FEDORA",
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202"
},
{
"name" : "RHSA-2005:586",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-586.html"
},
{
"name" : "RHSA-2005:587",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-587.html"
},
{
"name" : "SUSE-SA:2005:045",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html"
},
{
"name" : "SUSE-SR:2005:018",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name" : "P-252",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/p-252.shtml"
},
{
"name" : "14242",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14242"
},
{
"name" : "oval:org.mitre.oval:def:11334",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11334"
},
{
"name" : "ADV-2005-1075",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1075"
},
{
"name" : "oval:org.mitre.oval:def:100006",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100006"
},
{
"name" : "oval:org.mitre.oval:def:1073",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1073"
},
{
"name" : "oval:org.mitre.oval:def:1172",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1172"
},
{
"name" : "1014469",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014469"
},
{
"name" : "16043",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16043"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2005:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name": "P-252",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-252.shtml"
},
{
"name": "1014469",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014469"
},
{
"name": "oval:org.mitre.oval:def:1172",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1172"
},
{
"name": "FLSA:160202",
"refsource": "FEDORA",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=160202"
},
{
"name": "RHSA-2005:587",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-587.html"
},
{
"name": "http://www.mozilla.org/security/announce/mfsa2005-53.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/mfsa2005-53.html"
},
{
"name": "ADV-2005-1075",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1075"
},
{
"name": "oval:org.mitre.oval:def:11334",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11334"
},
{
"name": "oval:org.mitre.oval:def:100006",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100006"
},
{
"name": "SUSE-SA:2005:045",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_45_mozilla.html"
},
{
"name": "14242",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14242"
},
{
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=298255",
"refsource": "MISC",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=298255"
},
{
"name": "RHSA-2005:586",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-586.html"
},
{
"name": "16043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16043"
},
{
"name": "oval:org.mitre.oval:def:1073",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1073"
}
]
}
}

150
2005/2xxx/CVE-2005-2745.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2745",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "APPLE-SA-2005-09-22",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html"
},
{
"name" : "ESB-2005.0732",
"refsource" : "AUSCERT",
"url" : "http://www.auscert.org.au/5509"
},
{
"name" : "P-312",
"refsource" : "CIAC",
"url" : "http://www.ciac.org/ciac/bulletins/p-312.shtml"
},
{
"name" : "16920",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16920/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "P-312",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/p-312.shtml"
},
{
"name": "ESB-2005.0732",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/5509"
},
{
"name": "APPLE-SA-2005-09-22",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html"
},
{
"name": "16920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16920/"
}
]
}
}

140
2005/3xxx/CVE-2005-3001.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3001",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the \"tl\" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3001",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "101899",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101899-1"
},
{
"name" : "ADV-2005-1788",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1788"
},
{
"name" : "16874",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16874"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the \"tl\" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-1788",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1788"
},
{
"name": "101899",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101899-1"
},
{
"name": "16874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16874"
}
]
}
}

150
2005/3xxx/CVE-2005-3828.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3828",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html"
},
{
"name" : "ADV-2005-2587",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2587"
},
{
"name" : "21096",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21096"
},
{
"name" : "17732",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17732"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the article parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21096",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21096"
},
{
"name": "17732",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17732"
},
{
"name": "http://pridels0.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/activecampaign-knowledgebuilder-vuln.html"
},
{
"name": "ADV-2005-2587",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2587"
}
]
}
}

640
2005/3xxx/CVE-2005-3962.json
View File

@ -1,322 +1,322 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3962",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-3962",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051201 Perl format string integer wrap vulnerability",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=113342788118630&w=2"
},
{
"name" : "20051201 Perl format string integer wrap vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/418333/100/0/threaded"
},
{
"name" : "http://www.dyadsecurity.com/perl-0002.html",
"refsource" : "MISC",
"url" : "http://www.dyadsecurity.com/perl-0002.html"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"name" : "http://docs.info.apple.com/article.html?artnum=304829",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name" : "http://www.ipcop.org/index.php?name=News&file=article&sid=41",
"refsource" : "CONFIRM",
"url" : "http://www.ipcop.org/index.php?name=News&file=article&sid=41"
},
{
"name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch"
},
{
"name" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch"
},
{
"name" : "APPLE-SA-2006-11-28",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name" : "CLSA-2006:1056",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056"
},
{
"name" : "DSA-943",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-943"
},
{
"name" : "FLSA-2006:176731",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html"
},
{
"name" : "GLSA-200512-01",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml"
},
{
"name" : "HPSBTU02125",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438726/100/0/threaded"
},
{
"name" : "SSRT061105",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/438726/100/0/threaded"
},
{
"name" : "MDKSA-2005:225",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225"
},
{
"name" : "[3.7] 20060105 007: SECURITY FIX: January 5, 2006",
"refsource" : "OPENBSD",
"url" : "http://www.openbsd.org/errata37.html#perl"
},
{
"name" : "OpenPKG-SA-2005.025",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html"
},
{
"name" : "RHSA-2005:880",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-880.html"
},
{
"name" : "RHSA-2005:881",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name" : "20060101-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name" : "102192",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1"
},
{
"name" : "SUSE-SA:2005:071",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_71_perl.html"
},
{
"name" : "SUSE-SR:2005:029",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_29_sr.html"
},
{
"name" : "TSLSA-2005-0070",
"refsource" : "TRUSTIX",
"url" : "http://www.trustix.org/errata/2005/0070"
},
{
"name" : "USN-222-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/222-1/"
},
{
"name" : "TA06-333A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name" : "VU#948385",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/948385"
},
{
"name" : "15629",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15629"
},
{
"name" : "oval:org.mitre.oval:def:10598",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598"
},
{
"name" : "ADV-2005-2688",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2688"
},
{
"name" : "ADV-2006-0771",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/0771"
},
{
"name" : "ADV-2006-2613",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/2613"
},
{
"name" : "ADV-2006-4750",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name" : "21345",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21345"
},
{
"name" : "22255",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22255"
},
{
"name" : "oval:org.mitre.oval:def:1074",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074"
},
{
"name" : "17802",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17802"
},
{
"name" : "17844",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17844"
},
{
"name" : "17762",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17762"
},
{
"name" : "17941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17941"
},
{
"name" : "17952",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17952"
},
{
"name" : "18183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18183"
},
{
"name" : "18187",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18187"
},
{
"name" : "18075",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18075"
},
{
"name" : "18295",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18295"
},
{
"name" : "18517",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18517"
},
{
"name" : "17993",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17993"
},
{
"name" : "19041",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19041"
},
{
"name" : "18413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18413"
},
{
"name" : "20894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20894"
},
{
"name" : "23155",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/23155"
},
{
"name" : "31208",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/31208"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "oval:org.mitre.oval:def:1074",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074"
},
{
"name": "VU#948385",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/948385"
},
{
"name": "22255",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22255"
},
{
"name": "17941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17941"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm"
},
{
"name": "20051201 Perl format string integer wrap vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded"
},
{
"name": "HPSBTU02125",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"
},
{
"name": "20051201 Perl format string integer wrap vulnerability",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113342788118630&w=2"
},
{
"name": "ADV-2005-2688",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2688"
},
{
"name": "http://www.dyadsecurity.com/perl-0002.html",
"refsource": "MISC",
"url": "http://www.dyadsecurity.com/perl-0002.html"
},
{
"name": "21345",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21345"
},
{
"name": "15629",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15629"
},
{
"name": "RHSA-2005:881",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-881.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "oval:org.mitre.oval:def:10598",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598"
},
{
"name": "DSA-943",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-943"
},
{
"name": "[3.7] 20060105 007: SECURITY FIX: January 5, 2006",
"refsource": "OPENBSD",
"url": "http://www.openbsd.org/errata37.html#perl"
},
{
"name": "17993",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17993"
},
{
"name": "18075",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18075"
},
{
"name": "FLSA-2006:176731",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html"
},
{
"name": "CLSA-2006:1056",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056"
},
{
"name": "OpenPKG-SA-2005.025",
"refsource": "OPENPKG",
"url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html"
},
{
"name": "SSRT061105",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded"
},
{
"name": "ADV-2006-0771",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0771"
},
{
"name": "20060101-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U"
},
{
"name": "20894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20894"
},
{
"name": "USN-222-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/222-1/"
},
{
"name": "ADV-2006-2613",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2613"
},
{
"name": "18413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18413"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "17762",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17762"
},
{
"name": "18187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18187"
},
{
"name": "TSLSA-2005-0070",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0070"
},
{
"name": "18517",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18517"
},
{
"name": "18295",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18295"
},
{
"name": "SUSE-SA:2005:071",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html"
},
{
"name": "18183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18183"
},
{
"name": "RHSA-2005:880",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-880.html"
},
{
"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "102192",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1"
},
{
"name": "17952",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17952"
},
{
"name": "MDKSA-2005:225",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225"
},
{
"name": "http://www.ipcop.org/index.php?name=News&file=article&sid=41",
"refsource": "CONFIRM",
"url": "http://www.ipcop.org/index.php?name=News&file=article&sid=41"
},
{
"name": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch"
},
{
"name": "GLSA-200512-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml"
},
{
"name": "31208",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31208"
},
{
"name": "17802",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17802"
},
{
"name": "SUSE-SR:2005:029",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html"
},
{
"name": "19041",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19041"
},
{
"name": "17844",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17844"
}
]
}
}

150
2007/5xxx/CVE-2007-5788.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2007-5788",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5788",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=361",
"refsource" : "MISC",
"url" : "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=361"
},
{
"name" : "40187",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/40187"
},
{
"name" : "27401",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/27401"
},
{
"name" : "grandstream-adapter-sip-invite-dos(37411)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/37411"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows remote attackers to cause a denial of service (device crash) via a crafted SIP INVITE message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27401",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27401"
},
{
"name": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=361",
"refsource": "MISC",
"url": "http://www.sipera.com/index.php?action=resources,threat_advisory&tid=361"
},
{
"name": "40187",
"refsource": "OSVDB",
"url": "http://osvdb.org/40187"
},
{
"name": "grandstream-adapter-sip-invite-dos(37411)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37411"
}
]
}
}

160
2009/2xxx/CVE-2009-2113.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2113",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2113",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8980",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8980"
},
{
"name" : "http://sourceforge.net/forum/forum.php?forum_id=966939",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/forum/forum.php?forum_id=966939"
},
{
"name" : "55167",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55167"
},
{
"name" : "55168",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55168"
},
{
"name" : "35492",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35492"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "8980",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8980"
},
{
"name": "http://sourceforge.net/forum/forum.php?forum_id=966939",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/forum/forum.php?forum_id=966939"
},
{
"name": "35492",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35492"
},
{
"name": "55168",
"refsource": "OSVDB",
"url": "http://osvdb.org/55168"
},
{
"name": "55167",
"refsource": "OSVDB",
"url": "http://osvdb.org/55167"
}
]
}
}

180
2009/2xxx/CVE-2009-2314.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2314",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "261408",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261408-1"
},
{
"name" : "1020599",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020599.1-1"
},
{
"name" : "35568",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35568"
},
{
"name" : "55559",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/55559"
},
{
"name" : "1022510",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022510"
},
{
"name" : "35707",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35707"
},
{
"name" : "ADV-2009-1772",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1772"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1772",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1772"
},
{
"name": "1020599",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020599.1-1"
},
{
"name": "261408",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-261408-1"
},
{
"name": "35568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35568"
},
{
"name": "1022510",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022510"
},
{
"name": "35707",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35707"
},
{
"name": "55559",
"refsource": "OSVDB",
"url": "http://osvdb.org/55559"
}
]
}
}

180
2009/3xxx/CVE-2009-3782.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3782",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with \"View own userpoints\" permissions to read the userpoint data of arbitrary users via unknown attack vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3782",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/610818",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/610818"
},
{
"name" : "http://drupal.org/node/610828",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/610828"
},
{
"name" : "36786",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36786"
},
{
"name" : "59124",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/59124"
},
{
"name" : "37123",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37123"
},
{
"name" : "ADV-2009-2998",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2998"
},
{
"name" : "userpoints-userpoint-information-disclosure(53896)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53896"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with \"View own userpoints\" permissions to read the userpoint data of arbitrary users via unknown attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37123",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37123"
},
{
"name": "userpoints-userpoint-information-disclosure(53896)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53896"
},
{
"name": "36786",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36786"
},
{
"name": "http://drupal.org/node/610828",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/610828"
},
{
"name": "59124",
"refsource": "OSVDB",
"url": "http://osvdb.org/59124"
},
{
"name": "ADV-2009-2998",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2998"
},
{
"name": "http://drupal.org/node/610818",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/610818"
}
]
}
}

120
2015/0xxx/CVE-2015-0126.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0126",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to bypass intended file-upload restrictions via a modified extension."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-0126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902807",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21902807"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, 8.6.0 before 8.6.0.8.1, 9.0.0 through 9.0.0.4, 9.1.0 before 9.1.0.6.1, and 9.1.1 before 9.1.1.0.2 allows remote authenticated users to bypass intended file-upload restrictions via a modified extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21902807"
}
]
}
}

250
2015/0xxx/CVE-2015-0315.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0315",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-0315",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
},
{
"name" : "https://technet.microsoft.com/library/security/2755801",
"refsource" : "CONFIRM",
"url" : "https://technet.microsoft.com/library/security/2755801"
},
{
"name" : "GLSA-201502-02",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201502-02.xml"
},
{
"name" : "RHSA-2015:0140",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-0140.html"
},
{
"name" : "SUSE-SU-2015:0236",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html"
},
{
"name" : "SUSE-SU-2015:0239",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html"
},
{
"name" : "openSUSE-SU-2015:0237",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html"
},
{
"name" : "openSUSE-SU-2015:0238",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html"
},
{
"name" : "72514",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72514"
},
{
"name" : "1031706",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1031706"
},
{
"name" : "62777",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62777"
},
{
"name" : "62886",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62886"
},
{
"name" : "62895",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/62895"
},
{
"name" : "adobe-flash-cve20150315-code-exec(100697)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100697"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0313, CVE-2015-0320, and CVE-2015-0322."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201502-02",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201502-02.xml"
},
{
"name": "openSUSE-SU-2015:0238",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00008.html"
},
{
"name": "62895",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62895"
},
{
"name": "1031706",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031706"
},
{
"name": "62886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62886"
},
{
"name": "https://technet.microsoft.com/library/security/2755801",
"refsource": "CONFIRM",
"url": "https://technet.microsoft.com/library/security/2755801"
},
{
"name": "62777",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62777"
},
{
"name": "openSUSE-SU-2015:0237",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00007.html"
},
{
"name": "SUSE-SU-2015:0236",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00006.html"
},
{
"name": "72514",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72514"
},
{
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-04.html"
},
{
"name": "RHSA-2015:0140",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-0140.html"
},
{
"name": "adobe-flash-cve20150315-code-exec(100697)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100697"
},
{
"name": "SUSE-SU-2015:0239",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00009.html"
}
]
}
}

130
2015/0xxx/CVE-2015-0772.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0772",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut42422."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-0772",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150609 Cisco TelePresence Video Communication Server SDP Over SIP Denial of Service Vulnerability",
"refsource" : "CISCO",
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=39240"
},
{
"name" : "1032540",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows remote attackers to cause a denial of service (CPU consumption or device outage) via a crafted SDP parameter-negotiation request in an SDP session during a SIP connection, aka Bug ID CSCut42422."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150609 Cisco TelePresence Video Communication Server SDP Over SIP Denial of Service Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39240"
},
{
"name": "1032540",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032540"
}
]
}
}

140
2015/0xxx/CVE-2015-0783.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0783",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"ID": "CVE-2015-0783",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-15-150",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-15-150"
},
{
"name" : "https://www.novell.com/support/kb/doc.php?id=7016431",
"refsource" : "CONFIRM",
"url" : "https://www.novell.com/support/kb/doc.php?id=7016431"
},
{
"name" : "1032166",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032166"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FileViewer class in Novell ZENworks Configuration Management (ZCM) allows remote authenticated users to read arbitrary files via the filename variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032166",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032166"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-15-150",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-150"
},
{
"name": "https://www.novell.com/support/kb/doc.php?id=7016431",
"refsource": "CONFIRM",
"url": "https://www.novell.com/support/kb/doc.php?id=7016431"
}
]
}
}

34
2015/0xxx/CVE-2015-0788.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0788",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-0788",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

120
2015/0xxx/CVE-2015-0974.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/129808/ZTE-Datacard-MF19-Privilege-Escalation-DLL-Hijacking.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/129808/ZTE-Datacard-MF19-Privilege-Escalation-DLL-Hijacking.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 allows local users to gain privilege by modifying the 'Ucell Internet' directory to reference a malicious mms_dll_r.dll or mediaplayerdll.dll."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/129808/ZTE-Datacard-MF19-Privilege-Escalation-DLL-Hijacking.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129808/ZTE-Datacard-MF19-Privilege-Escalation-DLL-Hijacking.html"
}
]
}
}

120
2015/1xxx/CVE-2015-1348.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1348",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.arubanetworks.com/support/alerts/aruba-psa-2015-001.txt",
"refsource" : "CONFIRM",
"url" : "http://www.arubanetworks.com/support/alerts/aruba-psa-2015-001.txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in Aruba Instant (IAP) with firmware before 4.0.0.7 and 4.1.x before 4.1.1.2 allows remote attackers to cause a denial of service (crash or reset to factory default) via a malformed frame to the wireless interface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.arubanetworks.com/support/alerts/aruba-psa-2015-001.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/support/alerts/aruba-psa-2015-001.txt"
}
]
}
}

130
2015/1xxx/CVE-2015-1576.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1576",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1576",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.com/files/130326/u5CMS-3.9.3-SQL-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130326/u5CMS-3.9.3-SQL-Injection.html"
},
{
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5225.php",
"refsource" : "MISC",
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5225.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/130326/u5CMS-3.9.3-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130326/u5CMS-3.9.3-SQL-Injection.html"
},
{
"name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5225.php",
"refsource": "MISC",
"url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5225.php"
}
]
}
}

150
2015/1xxx/CVE-2015-1812.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1812",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1205615"
},
{
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
"refsource" : "CONFIRM",
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"
},
{
"name" : "RHSA-2015:1844",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1844.html"
},
{
"name" : "RHSA-2016:0070",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:0070"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and LTS before 1.596.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2015-1813."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1205615"
},
{
"name": "RHSA-2016:0070",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23"
},
{
"name": "RHSA-2015:1844",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1844.html"
}
]
}
}

34
2015/4xxx/CVE-2015-4250.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4250",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-4250",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

34
2015/4xxx/CVE-2015-4589.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4589",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4589",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

138
2015/4xxx/CVE-2015-4617.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "larry0@me.com",
"DATE_ASSIGNED" : "2015-06-08",
"ID" : "CVE-2015-4617",
"REQUESTER" : "cve-assign@mitre.org",
"STATE" : "PUBLIC",
"UPDATED" : "2019-02-13T10:41Z"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Easy2map-photos WordPress Plugin",
"version" : {
"version_data" : [
{
"version_affected" : "1.09",
"version_value" : "1.09"
}
]
}
}
]
},
"vendor_name" : "Steven Ellis"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Path traversal in easy2map-photos wordpress plugin v1.09"
}
"CVE_data_meta": {
"ASSIGNER": "larry0@me.com",
"DATE_ASSIGNED": "2015-06-08",
"ID": "CVE-2015-4617",
"REQUESTER": "cve-assign@mitre.org",
"STATE": "PUBLIC",
"UPDATED": "2019-02-13T10:41Z"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Easy2map-photos WordPress Plugin",
"version": {
"version_data": [
{
"version_affected": "1.09",
"version_value": "1.09"
}
]
}
}
]
},
"vendor_name": "Steven Ellis"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.vapidlabs.com/advisory.php?v=130",
"refsource" : "MISC",
"url" : "http://www.vapidlabs.com/advisory.php?v=130"
},
{
"name" : "https://wordpress.org/plugins/easy2map-photos",
"refsource" : "MISC",
"url" : "https://wordpress.org/plugins/easy2map-photos"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in Easy2map-photos WordPress Plugin v1.09 MapPinImageUpload.php and MapPinIconSave.php allows path traversal when specifying file names creating files outside of the upload directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Path traversal in easy2map-photos wordpress plugin v1.09"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wordpress.org/plugins/easy2map-photos",
"refsource": "MISC",
"url": "https://wordpress.org/plugins/easy2map-photos"
},
{
"name": "http://www.vapidlabs.com/advisory.php?v=130",
"refsource": "MISC",
"url": "http://www.vapidlabs.com/advisory.php?v=130"
}
]
}
}

200
2015/4xxx/CVE-2015-4630.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4630",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37389",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37389/"
},
{
"name" : "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2015/Jun/80"
},
{
"name" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
},
{
"name" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
"refsource" : "MISC",
"url" : "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
},
{
"name" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423",
"refsource" : "CONFIRM",
"url" : "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
},
{
"name" : "https://koha-community.org/koha-3-14-16-released/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/koha-3-14-16-released/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-16-12/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-16-12/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-18-8/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-18-8/"
},
{
"name" : "https://koha-community.org/security-release-koha-3-20-1/",
"refsource" : "CONFIRM",
"url" : "https://koha-community.org/security-release-koha-3-20-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Koha 3.14.x before 3.14.16, 3.16.x before 3.16.12, 3.18.x before 3.18.08, and 3.20.x before 3.20.1 allow remote attackers to (1) hijack the authentication of administrators for requests that create a user via a request to members/memberentry.pl or (2) give a user superlibrarian permission via a request to members/member-flags.pl or (3) hijack the authentication of arbitrary users for requests that conduct cross-site scripting (XSS) attacks via the addshelf parameter to opac-shelves.pl."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/132458/Koha-ILS-3.20.x-CSRF-XSS-Traversal-SQL-Injection.html"
},
{
"name": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/",
"refsource": "MISC",
"url": "https://www.sba-research.org/2015/06/24/researchers-of-sba-research-found-several-critical-security-vulnerabilities-in-the-koha-library-software-via-combinatorial-testing/"
},
{
"name": "37389",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37389/"
},
{
"name": "https://koha-community.org/security-release-koha-3-16-12/",
"refsource": "CONFIRM",
"url": "https://koha-community.org/security-release-koha-3-16-12/"
},
{
"name": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423",
"refsource": "CONFIRM",
"url": "https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=14423"
},
{
"name": "20150625 SBA Research Vulnerability Disclosure - Multiple Critical Vulnerabilities in Koha ILS",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2015/Jun/80"
},
{
"name": "https://koha-community.org/security-release-koha-3-18-8/",
"refsource": "CONFIRM",
"url": "https://koha-community.org/security-release-koha-3-18-8/"
},
{
"name": "https://koha-community.org/security-release-koha-3-20-1/",
"refsource": "CONFIRM",
"url": "https://koha-community.org/security-release-koha-3-20-1/"
},
{
"name": "https://koha-community.org/koha-3-14-16-released/",
"refsource": "CONFIRM",
"url": "https://koha-community.org/koha-3-14-16-released/"
}
]
}
}

34
2015/4xxx/CVE-2015-4984.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4984",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4984",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2015/8xxx/CVE-2015-8115.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-8115",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-8115",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

132
2015/9xxx/CVE-2015-9217.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"DATE_PUBLIC" : "2018-04-02T00:00:00",
"ID" : "CVE-2015-9217",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Snapdragon Mobile, Snapdragon Wear",
"version" : {
"version_data" : [
{
"version_value" : "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, certain malformed HVEC clips could cause an assertion to fail."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reachable assertion during video playback"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"DATE_PUBLIC": "2018-04-02T00:00:00",
"ID": "CVE-2015-9217",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-04-01",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name" : "103671",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103671"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, certain malformed HVEC clips could cause an assertion to fail."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable assertion during video playback"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-04-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-04-01"
},
{
"name": "103671",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103671"
}
]
}
}

132
2015/9xxx/CVE-2015-9238.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "support@hackerone.com",
"DATE_PUBLIC" : "2018-04-26T00:00:00",
"ID" : "CVE-2015-9238",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "secure-compare node module",
"version" : {
"version_data" : [
{
"version_value" : "<=3.0.0"
}
]
}
}
]
},
"vendor_name" : "HackerOne"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Incorrect Comparison (CWE-697)"
}
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"DATE_PUBLIC": "2018-04-26T00:00:00",
"ID": "CVE-2015-9238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "secure-compare node module",
"version": {
"version_data": [
{
"version_value": "<=3.0.0"
}
]
}
}
]
},
"vendor_name": "HackerOne"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/vdemedes/secure-compare/pull/1",
"refsource" : "MISC",
"url" : "https://github.com/vdemedes/secure-compare/pull/1"
},
{
"name" : "https://nodesecurity.io/advisories/50",
"refsource" : "MISC",
"url" : "https://nodesecurity.io/advisories/50"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "secure-compare 3.0.0 and below do not actually compare two strings properly. compare was actually comparing the first argument with itself, meaning the check passed for any two strings of the same length."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Incorrect Comparison (CWE-697)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/vdemedes/secure-compare/pull/1",
"refsource": "MISC",
"url": "https://github.com/vdemedes/secure-compare/pull/1"
},
{
"name": "https://nodesecurity.io/advisories/50",
"refsource": "MISC",
"url": "https://nodesecurity.io/advisories/50"
}
]
}
}

126
2018/1999xxx/CVE-2018-1999031.json
View File

@ -1,65 +1,65 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "kurt@seifried.org",
"DATE_ASSIGNED" : "2018-07-31T15:54:50.972368",
"DATE_REQUESTED" : "2018-07-30T00:00:00",
"ID" : "CVE-2018-1999031",
"REQUESTER" : "ml@beckweb.net",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Jenkins meliora-testlab Plugin",
"version" : {
"version_data" : [
{
"version_value" : "1.14 and earlier"
}
]
}
}
]
},
"vendor_name" : "Jenkins project"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-522"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2018-07-31T15:54:50.972368",
"DATE_REQUESTED": "2018-07-30T00:00:00",
"ID": "CVE-2018-1999031",
"REQUESTER": "ml@beckweb.net",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847",
"refsource" : "CONFIRM",
"url" : "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exposure of sensitive information vulnerability exists in Jenkins meliora-testlab Plugin 1.14 and earlier in TestlabNotifier.java that allows attackers with file system access to the Jenkins master to obtain the API key stored in this plugin's configuration."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847",
"refsource": "CONFIRM",
"url": "https://jenkins.io/security/advisory/2018-07-30/#SECURITY-847"
}
]
}
}

34
2018/2xxx/CVE-2018-2235.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-2235",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-2235",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

132
2018/2xxx/CVE-2018-2377.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cna@sap.com",
"ID" : "CVE-2018-2377",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "SAP HANA Extended Application Services",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "1.0"
}
]
}
}
]
},
"vendor_name" : "SAP SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "cna@sap.com",
"ID": "CVE-2018-2377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SAP HANA Extended Application Services",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "1.0"
}
]
}
}
]
},
"vendor_name": "SAP SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource" : "CONFIRM",
"url" : "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
},
{
"name" : "https://launchpad.support.sap.com/#/notes/2589129",
"refsource" : "CONFIRM",
"url" : "https://launchpad.support.sap.com/#/notes/2589129"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In SAP HANA Extended Application Services, 1.0, some general server statistics and status information could be retrieved by unauthorized users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.support.sap.com/#/notes/2589129",
"refsource": "CONFIRM",
"url": "https://launchpad.support.sap.com/#/notes/2589129"
},
{
"name": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/",
"refsource": "CONFIRM",
"url": "https://blogs.sap.com/2018/02/13/sap-security-patch-day-february-2018/"
}
]
}
}

170
2018/2xxx/CVE-2018-2591.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "5.6.38 and prior"
},
{
"version_affected" : "=",
"version_value" : "5.7.19 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "5.6.38 and prior"
},
{
"version_affected": "=",
"version_value": "5.7.19 and prior"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180117-0002/"
},
{
"name" : "RHSA-2018:0587",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:0587"
},
{
"name" : "102714",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102714"
},
{
"name" : "1040216",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server : Partition). Supported versions that are affected are 5.6.38 and prior and 5.7.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:0587",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:0587"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "102714",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102714"
},
{
"name": "https://security.netapp.com/advisory/ntap-20180117-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180117-0002/"
},
{
"name": "1040216",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040216"
}
]
}
}

142
2018/2xxx/CVE-2018-2611.json
View File

@ -1,73 +1,73 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Sun ZFS Storage Appliance Kit (AK) Software",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "8.7.13"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Sun ZFS Storage Appliance Kit (AK) Software",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "8.7.13"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name" : "102587",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/102587"
},
{
"name" : "1040215",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040215"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Core Services). The supported version that is affected is Prior to 8.7.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK). CVSS 3.0 Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance Kit (AK). While the vulnerability is in Sun ZFS Storage Appliance Kit (AK), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Sun ZFS Storage Appliance Kit (AK)."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
},
{
"name": "1040215",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040215"
},
{
"name": "102587",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102587"
}
]
}
}

120
2018/6xxx/CVE-2018-6469.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6469",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6469",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/AntsKnows/CVE/blob/master/WP_Plugin_Flickr-rss",
"refsource" : "MISC",
"url" : "https://github.com/AntsKnows/CVE/blob/master/WP_Plugin_Flickr-rss"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in flickrRSS.php in the flickrRSS plugin 5.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the flickrRSS_tags parameter to wp-admin/options-general.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/AntsKnows/CVE/blob/master/WP_Plugin_Flickr-rss",
"refsource": "MISC",
"url": "https://github.com/AntsKnows/CVE/blob/master/WP_Plugin_Flickr-rss"
}
]
}
}

140
2018/6xxx/CVE-2018-6851.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6851",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6851",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Jul/20"
},
{
"name" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
"refsource" : "MISC",
"url" : "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
},
{
"name" : "https://community.sophos.com/kb/en-us/131934",
"refsource" : "CONFIRM",
"url" : "https://community.sophos.com/kb/en-us/131934"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sophos SafeGuard Enterprise before 8.00.5, SafeGuard Easy before 7.00.3, and SafeGuard LAN Crypt before 3.95.2 are vulnerable to Local Privilege Escalation via IOCTL 0x80206040. By crafting an input buffer we can control the execution path to the point where the constant DWORD 0 will be written to a user-controlled address. We can take advantage of this condition to zero-out the pointer to the security descriptor in the object header of a privileged process or modify the security descriptor itself and run code in the context of a process running as SYSTEM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.sophos.com/kb/en-us/131934",
"refsource": "CONFIRM",
"url": "https://community.sophos.com/kb/en-us/131934"
},
{
"name": "20180706 Sophos Safeguard Products - Multiple Privilege Escalation Vulnerabilities.",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Jul/20"
},
{
"name": "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/",
"refsource": "MISC",
"url": "https://labs.nettitude.com/blog/cve-2018-6851-to-cve-2018-6857-sophos-privilege-escalation-vulnerabilities/"
}
]
}
}

122
2018/7xxx/CVE-2018-7235.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cybersecurity@se.com",
"DATE_PUBLIC" : "2018-03-01T00:00:00",
"ID" : "CVE-2018-7235",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Pelco Sarix Professional",
"version" : {
"version_data" : [
{
"version_value" : "all firmware versions prior to 3.29.75"
}
]
}
}
]
},
"vendor_name" : "Schneider Electric SE"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'"
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Command Execution"
}
"CVE_data_meta": {
"ASSIGNER": "cybersecurity@schneider-electric.com",
"DATE_PUBLIC": "2018-03-01T00:00:00",
"ID": "CVE-2018-7235",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Pelco Sarix Professional",
"version": {
"version_data": [
{
"version_value": "all firmware versions prior to 3.29.75"
}
]
}
}
]
},
"vendor_name": "Schneider Electric SE"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/",
"refsource" : "CONFIRM",
"url" : "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions prior to 3.29.67 which could allow arbitrary system file download due to lack of validation of the shell meta characters with the value of 'system.download.sd_file'"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/",
"refsource": "CONFIRM",
"url": "https://www.schneider-electric.com/en/download/document/SEVD-2018-058-01/"
}
]
}
}

34
2018/7xxx/CVE-2018-7310.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7310",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7310",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7627.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7627",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7627",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2018/7xxx/CVE-2018-7637.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7637",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a \"16 colors\" case, aka case 4."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/dtschump/CImg/issues/185",
"refsource" : "MISC",
"url" : "https://github.com/dtschump/CImg/issues/185"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in CImg v.220. A heap-based buffer over-read in load_bmp in CImg.h occurs when loading a crafted bmp image, a different vulnerability than CVE-2018-7588. This is in a \"16 colors\" case, aka case 4."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/dtschump/CImg/issues/185",
"refsource": "MISC",
"url": "https://github.com/dtschump/CImg/issues/185"
}
]
}
}

120
2018/7xxx/CVE-2018-7903.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "psirt@huawei.com",
"ID" : "CVE-2018-7903",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "1288H V5; 2288H V5",
"version" : {
"version_data" : [
{
"version_value" : "V100R005C00"
}
]
}
}
]
},
"vendor_name" : "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "JSON injection"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7903",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "1288H V5; 2288H V5",
"version": {
"version_data": [
{
"version_value": "V100R005C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en",
"refsource" : "CONFIRM",
"url" : "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei 1288H V5 and 288H V5 with software of V100R005C00 have a JSON injection vulnerability. An authenticated, remote attacker can launch a JSON injection to modify the password of administrator. Due to insufficient verification of the input, this could be exploited to obtain the management privilege of the system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "JSON injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-json-en"
}
]
}
}

34
2019/5xxx/CVE-2019-5090.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5090",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5090",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2019/5xxx/CVE-2019-5339.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5339",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5339",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2019/5xxx/CVE-2019-5720.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2019-5720",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-5720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/FrontAccountingERP/FA/issues/38",
"refsource" : "MISC",
"url" : "https://github.com/FrontAccountingERP/FA/issues/38"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "includes/db/class.reflines_db.inc in FrontAccounting 2.4.6 contains a SQL Injection vulnerability in the reference field that can allow the attacker to grab the entire database of the application via the void_transaction.php filterType parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/FrontAccountingERP/FA/issues/38",
"refsource": "MISC",
"url": "https://github.com/FrontAccountingERP/FA/issues/38"
}
]
}
}