admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-21 05:40:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 00:47:02 +00:00
parent 00a732d676
commit 7cabe8712c
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
61 changed files with 4904 additions and 4904 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
2005/0xxx/CVE-2005-0228.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0228",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1388. Reason: This candidate is a duplicate of CVE-2004-1388. Notes: All CVE users should reference CVE-2004-1388 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-0228",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1388. Reason: This candidate is a duplicate of CVE-2004-1388. Notes: All CVE users should reference CVE-2004-1388 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
]
}
}

380
2005/0xxx/CVE-2005-0758.json
View File

@ -1,192 +1,192 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0758",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2005-0758",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://docs.info.apple.com/article.html?artnum=306172",
"refsource" : "CONFIRM",
"url" : "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"name" : "APPLE-SA-2007-07-31",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"name" : "FLSA:158801",
"refsource" : "FEDORA",
"url" : "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
},
{
"name" : "GLSA-200505-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml"
},
{
"name" : "http://bugs.gentoo.org/show_bug.cgi?id=90626",
"refsource" : "MISC",
"url" : "http://bugs.gentoo.org/show_bug.cgi?id=90626"
},
{
"name" : "MDKSA-2006:026",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
},
{
"name" : "MDKSA-2006:027",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027"
},
{
"name" : "OpenPKG-SA-2007.002",
"refsource" : "OPENPKG",
"url" : "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
},
{
"name" : "RHSA-2005:357",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name" : "RHSA-2005:474",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-474.html"
},
{
"name" : "SCOSA-2005.58",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name" : "20060301-01-U",
"refsource" : "SGI",
"url" : "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
},
{
"name" : "SSA:2006-262",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852"
},
{
"name" : "USN-158-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/usn-158-1"
},
{
"name" : "13582",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13582"
},
{
"name" : "25159",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/25159"
},
{
"name" : "oval:org.mitre.oval:def:9797",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797"
},
{
"name" : "ADV-2007-2732",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2007/2732"
},
{
"name" : "16371",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16371"
},
{
"name" : "oval:org.mitre.oval:def:1081",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081"
},
{
"name" : "oval:org.mitre.oval:def:1107",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107"
},
{
"name" : "1013928",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013928"
},
{
"name" : "18100",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18100"
},
{
"name" : "19183",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19183"
},
{
"name" : "22033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22033"
},
{
"name" : "26235",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/26235"
},
{
"name" : "gzip-zgrep-file-installation(20539)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-158-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-158-1"
},
{
"name": "16371",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16371"
},
{
"name": "FLSA:158801",
"refsource": "FEDORA",
"url": "http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html"
},
{
"name": "ADV-2007-2732",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2732"
},
{
"name": "MDKSA-2006:027",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:027"
},
{
"name": "22033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22033"
},
{
"name": "RHSA-2005:357",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "APPLE-SA-2007-07-31",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html"
},
{
"name": "OpenPKG-SA-2007.002",
"refsource": "OPENPKG",
"url": "http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html"
},
{
"name": "oval:org.mitre.oval:def:9797",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797"
},
{
"name": "oval:org.mitre.oval:def:1107",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107"
},
{
"name": "gzip-zgrep-file-installation(20539)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20539"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=306172",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=306172"
},
{
"name": "GLSA-200505-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml"
},
{
"name": "SCOSA-2005.58",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "20060301-01-U",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc"
},
{
"name": "25159",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25159"
},
{
"name": "oval:org.mitre.oval:def:1081",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081"
},
{
"name": "13582",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13582"
},
{
"name": "18100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852"
},
{
"name": "19183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19183"
},
{
"name": "1013928",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013928"
},
{
"name": "MDKSA-2006:026",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:026"
},
{
"name": "RHSA-2005:474",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-474.html"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=90626",
"refsource": "MISC",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=90626"
},
{
"name": "26235",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26235"
}
]
}
}

160
2005/0xxx/CVE-2005-0765.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0765",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0765",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ethereal.com/appnotes/enpa-sa-00018.html",
"refsource" : "CONFIRM",
"url" : "http://www.ethereal.com/appnotes/enpa-sa-00018.html"
},
{
"name" : "GLSA-200503-16",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml"
},
{
"name" : "MDKSA-2005:053",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:053"
},
{
"name" : "12762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12762"
},
{
"name" : "oval:org.mitre.oval:def:10048",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10048"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows remote attackers to cause a denial of service (application crash)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200503-16",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200503-16.xml"
},
{
"name": "MDKSA-2005:053",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:053"
},
{
"name": "oval:org.mitre.oval:def:10048",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10048"
},
{
"name": "http://www.ethereal.com/appnotes/enpa-sa-00018.html",
"refsource": "CONFIRM",
"url": "http://www.ethereal.com/appnotes/enpa-sa-00018.html"
},
{
"name": "12762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12762"
}
]
}
}

150
2005/0xxx/CVE-2005-0865.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0865",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0865",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-002-samsung-adsl.txt",
"refsource" : "MISC",
"url" : "http://exploitlabs.com/files/advisories/EXPL-A-2005-002-samsung-adsl.txt"
},
{
"name" : "http://zone-h.org/en/advisories/read/id=7339/",
"refsource" : "MISC",
"url" : "http://zone-h.org/en/advisories/read/id=7339/"
},
{
"name" : "12864",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12864"
},
{
"name" : "1013615",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013615"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://exploitlabs.com/files/advisories/EXPL-A-2005-002-samsung-adsl.txt",
"refsource": "MISC",
"url": "http://exploitlabs.com/files/advisories/EXPL-A-2005-002-samsung-adsl.txt"
},
{
"name": "12864",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12864"
},
{
"name": "http://zone-h.org/en/advisories/read/id=7339/",
"refsource": "MISC",
"url": "http://zone-h.org/en/advisories/read/id=7339/"
},
{
"name": "1013615",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013615"
}
]
}
}

170
2005/1xxx/CVE-2005-1056.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1056",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMA01125",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/advisories/8372"
},
{
"name" : "13029",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13029"
},
{
"name" : "15321",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15321"
},
{
"name" : "1013651",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013651"
},
{
"name" : "14865",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14865"
},
{
"name" : "openview-network-node-manager-dos(19993)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19993"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13029",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13029"
},
{
"name": "15321",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15321"
},
{
"name": "1013651",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013651"
},
{
"name": "HPSBMA01125",
"refsource": "HP",
"url": "http://www.securityfocus.com/advisories/8372"
},
{
"name": "openview-network-node-manager-dos(19993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19993"
},
{
"name": "14865",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14865"
}
]
}
}

310
2005/1xxx/CVE-2005-1228.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1228",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1228",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050420 gzip directory traversal vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111402732406477&w=2"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255"
},
{
"name" : "APPLE-SA-2006-08-01",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name" : "DSA-752",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-752"
},
{
"name" : "RHSA-2005:357",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name" : "SCOSA-2005.58",
"refsource" : "SCO",
"url" : "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name" : "SSA:2006-262",
"refsource" : "SLACKWARE",
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852"
},
{
"name" : "101816",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name" : "TA06-214A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name" : "19289",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/19289"
},
{
"name" : "oval:org.mitre.oval:def:11057",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057"
},
{
"name" : "ADV-2006-3101",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name" : "15721",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/15721"
},
{
"name" : "oval:org.mitre.oval:def:382",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382"
},
{
"name" : "oval:org.mitre.oval:def:170",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170"
},
{
"name" : "15047",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15047"
},
{
"name" : "18100",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18100"
},
{
"name" : "21253",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/21253"
},
{
"name" : "22033",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/22033"
},
{
"name" : "gzip-n-directory-traversal(20199)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20199"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-08-01",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255"
},
{
"name": "15721",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/15721"
},
{
"name": "gzip-n-directory-traversal(20199)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20199"
},
{
"name": "22033",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22033"
},
{
"name": "ADV-2006-3101",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3101"
},
{
"name": "21253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21253"
},
{
"name": "DSA-752",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-752"
},
{
"name": "101816",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1"
},
{
"name": "RHSA-2005:357",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2005-357.html"
},
{
"name": "19289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19289"
},
{
"name": "TA06-214A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-214A.html"
},
{
"name": "15047",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15047"
},
{
"name": "oval:org.mitre.oval:def:382",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382"
},
{
"name": "oval:org.mitre.oval:def:170",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170"
},
{
"name": "oval:org.mitre.oval:def:11057",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057"
},
{
"name": "20050420 gzip directory traversal vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111402732406477&w=2"
},
{
"name": "SCOSA-2005.58",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt"
},
{
"name": "18100",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18100"
},
{
"name": "SSA:2006-262",
"refsource": "SLACKWARE",
"url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852"
}
]
}
}

140
2005/1xxx/CVE-2005-1289.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1289",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050423 E-Cart v1.1 Remote Command Execution",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111428818425864&w=2"
},
{
"name" : "1013780",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013780"
},
{
"name" : "15054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15054"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1013780",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013780"
},
{
"name": "15054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15054"
},
{
"name": "20050423 E-Cart v1.1 Remote Command Execution",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111428818425864&w=2"
}
]
}
}

200
2005/1xxx/CVE-2005-1796.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1796",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1796",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://ettercap.sourceforge.net/history.php",
"refsource" : "CONFIRM",
"url" : "http://ettercap.sourceforge.net/history.php"
},
{
"name" : "DSA-749",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-749"
},
{
"name" : "GLSA-200506-07",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200506-07.xml"
},
{
"name" : "13820",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13820"
},
{
"name" : "ADV-2005-0670",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0670"
},
{
"name" : "1014084",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014084"
},
{
"name" : "15535",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15535"
},
{
"name" : "15664",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15664"
},
{
"name" : "16000",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16000"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014084",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014084"
},
{
"name": "15535",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15535"
},
{
"name": "DSA-749",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-749"
},
{
"name": "15664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15664"
},
{
"name": "ADV-2005-0670",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0670"
},
{
"name": "http://ettercap.sourceforge.net/history.php",
"refsource": "CONFIRM",
"url": "http://ettercap.sourceforge.net/history.php"
},
{
"name": "GLSA-200506-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-07.xml"
},
{
"name": "13820",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13820"
},
{
"name": "16000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16000"
}
]
}
}

130
2005/3xxx/CVE-2005-3079.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3079",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PunBB before 1.2.8 allows remote attackers to perform \"code inclusion\" via the user language selection."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3079",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt",
"refsource" : "CONFIRM",
"url" : "http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt"
},
{
"name" : "16908",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16908"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PunBB before 1.2.8 allows remote attackers to perform \"code inclusion\" via the user language selection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt",
"refsource": "CONFIRM",
"url": "http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt"
},
{
"name": "16908",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16908"
}
]
}
}

260
2005/3xxx/CVE-2005-3300.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3300",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113017591414699&w=2"
},
{
"name" : "20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0478."
},
{
"name" : "http://www.hardened-php.net/advisory_162005.73.html",
"refsource" : "MISC",
"url" : "http://www.hardened-php.net/advisory_162005.73.html"
},
{
"name" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5",
"refsource" : "CONFIRM",
"url" : "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5"
},
{
"name" : "DSA-880",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-880"
},
{
"name" : "GLSA-200510-21",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200510-21.xml"
},
{
"name" : "SUSE-SR:2005:028",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name" : "SUSE-SA:2005:066",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2005_66_phpmyadmin.html"
},
{
"name" : "15169",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15169"
},
{
"name" : "1015091",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015091"
},
{
"name" : "17289",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17289/"
},
{
"name" : "17337",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17337"
},
{
"name" : "17559",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17559"
},
{
"name" : "17607",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17607"
},
{
"name" : "phpmyadmin-multiple-scripts-file-include(22835)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22835"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The register_globals emulation layer in grab_globals.php for phpMyAdmin before 2.6.4-pl3 does not perform safety checks on values in the _FILES array for uploaded files, which allows remote attackers to include arbitrary files by using direct requests to library scripts that do not use grab_globals.php, then modifying certain configuration values for the theme."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2005:028",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_28_sr.html"
},
{
"name": "SUSE-SA:2005:066",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_66_phpmyadmin.html"
},
{
"name": "17607",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17607"
},
{
"name": "20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0478."
},
{
"name": "17559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17559"
},
{
"name": "http://www.hardened-php.net/advisory_162005.73.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_162005.73.html"
},
{
"name": "20051022 Advisory 16/2005: phpMyAdmin Local File Inclusion Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113017591414699&w=2"
},
{
"name": "phpmyadmin-multiple-scripts-file-include(22835)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22835"
},
{
"name": "DSA-880",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-880"
},
{
"name": "17337",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17337"
},
{
"name": "15169",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15169"
},
{
"name": "GLSA-200510-21",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-21.xml"
},
{
"name": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5",
"refsource": "CONFIRM",
"url": "http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-5"
},
{
"name": "17289",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17289/"
},
{
"name": "1015091",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015091"
}
]
}
}

160
2005/3xxx/CVE-2005-3411.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3411",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3411",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60011",
"refsource" : "CONFIRM",
"url" : "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60011"
},
{
"name" : "15241",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15241"
},
{
"name" : "ADV-2005-2261",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2261"
},
{
"name" : "20421",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20421"
},
{
"name" : "17385",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17385"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20421",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20421"
},
{
"name": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60011",
"refsource": "CONFIRM",
"url": "http://forum.snitz.com/forum/topic.asp?TOPIC_ID=60011"
},
{
"name": "ADV-2005-2261",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2261"
},
{
"name": "15241",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15241"
},
{
"name": "17385",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17385"
}
]
}
}

160
2005/4xxx/CVE-2005-4271.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4271",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051215 Patches available for IBM AIX flaws",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419577/100/0/threaded"
},
{
"name" : "IY78227",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/search.wss?rs=0&q=IY78227&apar=only"
},
{
"name" : "15881",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15881"
},
{
"name" : "ADV-2005-2947",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2947"
},
{
"name" : "18088",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18088"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "IY78227",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0&q=IY78227&apar=only"
},
{
"name": "15881",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15881"
},
{
"name": "ADV-2005-2947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2947"
},
{
"name": "18088",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18088"
},
{
"name": "20051215 Patches available for IBM AIX flaws",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419577/100/0/threaded"
}
]
}
}

34
2005/4xxx/CVE-2005-4562.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4562",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was assigned in 2005 to an issue that would not be published until 2006, so new identifiers were assigned. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2005-4562",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was assigned in 2005 to an issue that would not be published until 2006, so new identifiers were assigned. Notes: none."
}
]
}
}

160
2005/4xxx/CVE-2005-4622.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4622",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ipomonis.com/advisories/PaQFile_Share.txt",
"refsource" : "MISC",
"url" : "http://www.ipomonis.com/advisories/PaQFile_Share.txt"
},
{
"name" : "16124",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16124"
},
{
"name" : "22151",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/22151"
},
{
"name" : "1015430",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015430"
},
{
"name" : "18279",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18279"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ... (triple dot) in (1) the URL on port 608 and (2) the argument to upload.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1015430",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015430"
},
{
"name": "16124",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16124"
},
{
"name": "22151",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22151"
},
{
"name": "http://www.ipomonis.com/advisories/PaQFile_Share.txt",
"refsource": "MISC",
"url": "http://www.ipomonis.com/advisories/PaQFile_Share.txt"
},
{
"name": "18279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18279"
}
]
}
}

140
2005/4xxx/CVE-2005-4650.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Joomla! 1.03 does not restrict the number of \"Search\" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.joomla.org/content/view/499/66/",
"refsource" : "CONFIRM",
"url" : "http://www.joomla.org/content/view/499/66/"
},
{
"name" : "21041",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21041"
},
{
"name" : "17675",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17675"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Joomla! 1.03 does not restrict the number of \"Search\" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21041",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21041"
},
{
"name": "http://www.joomla.org/content/view/499/66/",
"refsource": "CONFIRM",
"url": "http://www.joomla.org/content/view/499/66/"
},
{
"name": "17675",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17675"
}
]
}
}

320
2009/0xxx/CVE-2009-0034.json
View File

@ -1,162 +1,162 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0034",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090129 rPSA-2009-0021-1 sudo",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500546/100/0/threaded"
},
{
"name" : "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
},
{
"name" : "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
},
{
"name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0021",
"refsource" : "CONFIRM",
"url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0021"
},
{
"name" : "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327",
"refsource" : "CONFIRM",
"url" : "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327"
},
{
"name" : "http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h",
"refsource" : "CONFIRM",
"url" : "http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=468923",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=468923"
},
{
"name" : "https://issues.rpath.com/browse/RPL-2954",
"refsource" : "CONFIRM",
"url" : "https://issues.rpath.com/browse/RPL-2954"
},
{
"name" : "http://www.vmware.com/security/advisories/VMSA-2009-0009.html",
"refsource" : "CONFIRM",
"url" : "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
},
{
"name" : "MDVSA-2009:033",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:033"
},
{
"name" : "RHSA-2009:0267",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0267.html"
},
{
"name" : "33517",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33517"
},
{
"name" : "51736",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51736"
},
{
"name" : "oval:org.mitre.oval:def:10856",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856"
},
{
"name" : "oval:org.mitre.oval:def:6462",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462"
},
{
"name" : "1021688",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021688"
},
{
"name" : "33753",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33753"
},
{
"name" : "33885",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33885"
},
{
"name" : "33840",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33840"
},
{
"name" : "35766",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35766"
},
{
"name" : "ADV-2009-1865",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1865"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33885",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33885"
},
{
"name": "51736",
"refsource": "OSVDB",
"url": "http://osvdb.org/51736"
},
{
"name": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h",
"refsource": "CONFIRM",
"url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h"
},
{
"name": "35766",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35766"
},
{
"name": "1021688",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021688"
},
{
"name": "33517",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33517"
},
{
"name": "https://issues.rpath.com/browse/RPL-2954",
"refsource": "CONFIRM",
"url": "https://issues.rpath.com/browse/RPL-2954"
},
{
"name": "MDVSA-2009:033",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:033"
},
{
"name": "ADV-2009-1865",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1865"
},
{
"name": "33753",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33753"
},
{
"name": "RHSA-2009:0267",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0267.html"
},
{
"name": "[Security-announce] 20090710 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html"
},
{
"name": "20090129 rPSA-2009-0021-1 sudo",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500546/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:6462",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462"
},
{
"name": "33840",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33840"
},
{
"name": "http://wiki.rpath.com/Advisories:rPSA-2009-0021",
"refsource": "CONFIRM",
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0021"
},
{
"name": "20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded"
},
{
"name": "oval:org.mitre.oval:def:10856",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856"
},
{
"name": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327",
"refsource": "CONFIRM",
"url": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327"
},
{
"name": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html",
"refsource": "CONFIRM",
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=468923",
"refsource": "CONFIRM",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=468923"
}
]
}
}

140
2009/0xxx/CVE-2009-0301.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0301",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0301",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7868",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7868"
},
{
"name" : "33453",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33453"
},
{
"name" : "33664",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33664"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7868",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7868"
},
{
"name": "33453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33453"
},
{
"name": "33664",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33664"
}
]
}
}

160
2009/0xxx/CVE-2009-0422.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0422",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090114 phpList <= 2.10.8 Local File inclusion",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/500057/100/0/threaded"
},
{
"name" : "7778",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7778"
},
{
"name" : "http://www.bugreport.ir/index_60.htm",
"refsource" : "MISC",
"url" : "http://www.bugreport.ir/index_60.htm"
},
{
"name" : "33533",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33533"
},
{
"name" : "phplist-indexphp-file-include(47945)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/47945"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dynamic variable evaluation vulnerability in lists/admin.php in phpList 2.10.8 and earlier, when register_globals is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the _SERVER[ConfigFile] parameter to admin/index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "phplist-indexphp-file-include(47945)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47945"
},
{
"name": "33533",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33533"
},
{
"name": "http://www.bugreport.ir/index_60.htm",
"refsource": "MISC",
"url": "http://www.bugreport.ir/index_60.htm"
},
{
"name": "20090114 phpList <= 2.10.8 Local File inclusion",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/500057/100/0/threaded"
},
{
"name": "7778",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7778"
}
]
}
}

140
2009/0xxx/CVE-2009-0437.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "PK67405",
"refsource" : "AIXAPAR",
"url" : "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67405"
},
{
"name" : "33849",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33849"
},
{
"name" : "websphere-install-log-info-disclosure(48527)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48527"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Installation Factory installation process for IBM WebSphere Application Server (WAS) 6.0.2 on Windows, when WAS is registered as a Windows service, allows local users to obtain sensitive information by reading the logs/instconfigifwas6.log log file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "PK67405",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK67405"
},
{
"name": "33849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33849"
},
{
"name": "websphere-install-log-info-disclosure(48527)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48527"
}
]
}
}

150
2009/0xxx/CVE-2009-0650.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0650",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 and earlier, and possibly 5.02, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a STATS line with a long pwd field. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0650",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8058",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8058"
},
{
"name" : "33785",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33785"
},
{
"name" : "33972",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33972"
},
{
"name" : "tptest-pwd-bo(48781)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48781"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the GetStatsFromLine function in TPTEST 3.1.7 and earlier, and possibly 5.02, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a STATS line with a long pwd field. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "tptest-pwd-bo(48781)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48781"
},
{
"name": "33972",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33972"
},
{
"name": "33785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33785"
},
{
"name": "8058",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8058"
}
]
}
}

140
2009/0xxx/CVE-2009-0804.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0804",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0804",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.kb.cert.org/vuls/id/MAPG-7N9GN8",
"refsource" : "CONFIRM",
"url" : "http://www.kb.cert.org/vuls/id/MAPG-7N9GN8"
},
{
"name" : "VU#435052",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/435052"
},
{
"name" : "33858",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33858"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ziproxy 2.6.0, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "33858",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33858"
},
{
"name": "VU#435052",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/435052"
},
{
"name": "http://www.kb.cert.org/vuls/id/MAPG-7N9GN8",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MAPG-7N9GN8"
}
]
}
}

160
2009/1xxx/CVE-2009-1670.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1670",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1670",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8626",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8626"
},
{
"name" : "34866",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34866"
},
{
"name" : "54282",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54282"
},
{
"name" : "34966",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34966"
},
{
"name" : "tcpdb-userpage-security-bypass(50371)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50371"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34866"
},
{
"name": "8626",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8626"
},
{
"name": "34966",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34966"
},
{
"name": "54282",
"refsource": "OSVDB",
"url": "http://osvdb.org/54282"
},
{
"name": "tcpdb-userpage-security-bypass(50371)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50371"
}
]
}
}

130
2009/3xxx/CVE-2009-3437.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3437",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via \"Markdown input.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://drupal.org/node/585790",
"refsource" : "CONFIRM",
"url" : "http://drupal.org/node/585790"
},
{
"name" : "36505",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36505"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the live preview feature in the Markdown Preview module 6.x for Drupal allows remote attackers to inject arbitrary web script or HTML via \"Markdown input.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/node/585790",
"refsource": "CONFIRM",
"url": "http://drupal.org/node/585790"
},
{
"name": "36505",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36505"
}
]
}
}

130
2009/3xxx/CVE-2009-3540.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3540",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3540",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "35857",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35857"
},
{
"name" : "ADV-2009-1965",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1965"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in listads.php in YourFreeWorld Ultra Classifieds Pro allows remote attackers to inject arbitrary web script or HTML via the cn parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-1965",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1965"
},
{
"name": "35857",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35857"
}
]
}
}

460
2009/3xxx/CVE-2009-3603.json
View File

@ -1,232 +1,232 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3603",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3603",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch",
"refsource" : "CONFIRM",
"url" : "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name" : "http://poppler.freedesktop.org/",
"refsource" : "CONFIRM",
"url" : "http://poppler.freedesktop.org/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=526915",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=526915"
},
{
"name" : "DSA-2028",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2028"
},
{
"name" : "DSA-2050",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2010/dsa-2050"
},
{
"name" : "FEDORA-2009-10823",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"name" : "FEDORA-2009-10845",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name" : "FEDORA-2010-1377",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name" : "FEDORA-2010-1805",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name" : "FEDORA-2010-1842",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name" : "MDVSA-2009:287",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name" : "MDVSA-2010:087",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name" : "MDVSA-2011:175",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name" : "RHSA-2009:1504",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"name" : "274030",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name" : "1021706",
"refsource" : "SUNALERT",
"url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name" : "SUSE-SR:2009:018",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name" : "USN-850-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name" : "USN-850-3",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name" : "36703",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36703"
},
{
"name" : "oval:org.mitre.oval:def:9671",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671"
},
{
"name" : "1023029",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1023029"
},
{
"name" : "37034",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37034"
},
{
"name" : "37053",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37053"
},
{
"name" : "37054",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37054"
},
{
"name" : "37159",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37159"
},
{
"name" : "37114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37114"
},
{
"name" : "39327",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39327"
},
{
"name" : "39938",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39938"
},
{
"name" : "ADV-2009-2924",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name" : "ADV-2009-2925",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2925"
},
{
"name" : "ADV-2010-0802",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name" : "ADV-2010-1040",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name" : "ADV-2010-1220",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name" : "xpdf-splashbitmap-bo(53793)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53793"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "39938",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39938"
},
{
"name": "RHSA-2009:1504",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2009-1504.html"
},
{
"name": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch",
"refsource": "CONFIRM",
"url": "ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch"
},
{
"name": "MDVSA-2009:287",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:287"
},
{
"name": "FEDORA-2010-1377",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035408.html"
},
{
"name": "FEDORA-2009-10823",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00750.html"
},
{
"name": "http://poppler.freedesktop.org/",
"refsource": "CONFIRM",
"url": "http://poppler.freedesktop.org/"
},
{
"name": "SUSE-SR:2009:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html"
},
{
"name": "DSA-2028",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2028"
},
{
"name": "DSA-2050",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2010/dsa-2050"
},
{
"name": "37159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37159"
},
{
"name": "37054",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37054"
},
{
"name": "FEDORA-2010-1805",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035340.html"
},
{
"name": "1021706",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021706.1-1"
},
{
"name": "FEDORA-2009-10845",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-October/msg00784.html"
},
{
"name": "37114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37114"
},
{
"name": "1023029",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1023029"
},
{
"name": "MDVSA-2011:175",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:175"
},
{
"name": "ADV-2010-1040",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1040"
},
{
"name": "USN-850-3",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-850-3"
},
{
"name": "ADV-2010-0802",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0802"
},
{
"name": "FEDORA-2010-1842",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035399.html"
},
{
"name": "xpdf-splashbitmap-bo(53793)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53793"
},
{
"name": "37034",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37034"
},
{
"name": "ADV-2009-2924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2924"
},
{
"name": "MDVSA-2010:087",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:087"
},
{
"name": "274030",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274030-1"
},
{
"name": "ADV-2010-1220",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1220"
},
{
"name": "USN-850-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-850-1"
},
{
"name": "37053",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37053"
},
{
"name": "39327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39327"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=526915",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=526915"
},
{
"name": "oval:org.mitre.oval:def:9671",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9671"
},
{
"name": "36703",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36703"
},
{
"name": "ADV-2009-2925",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2925"
}
]
}
}

34
2009/3xxx/CVE-2009-3768.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3768",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3768",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

150
2009/4xxx/CVE-2009-4385.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4385",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0912-exploits/ezpollhoster-xssxsrf.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/ezpollhoster-xssxsrf.txt"
},
{
"name" : "10439",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10439"
},
{
"name" : "37716",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37716"
},
{
"name" : "ADV-2009-3529",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3529"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in Scriptsez.net Ez Poll Hoster (EPH) allow remote attackers to (1) hijack the authentication of arbitrary users for requests that delete polls via the delete_poll action to index.php; and hijack the authentication of administrators for requests that (2) delete users via the manage action to admin.php, or (3) send arbitrary email to arbitrary users in the email action to admin.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-3529",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3529"
},
{
"name": "37716",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37716"
},
{
"name": "10439",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10439"
},
{
"name": "http://packetstormsecurity.org/0912-exploits/ezpollhoster-xssxsrf.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/ezpollhoster-xssxsrf.txt"
}
]
}
}

120
2009/4xxx/CVE-2009-4399.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4399",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4399",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}

140
2009/4xxx/CVE-2009-4432.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4432",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4432",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0912-exploits/videocms-sql.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0912-exploits/videocms-sql.txt"
},
{
"name" : "10586",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/10586"
},
{
"name" : "37889",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37889"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 allows remote attackers to execute arbitrary SQL commands via the v parameter in a video action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37889",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37889"
},
{
"name": "http://packetstormsecurity.org/0912-exploits/videocms-sql.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0912-exploits/videocms-sql.txt"
},
{
"name": "10586",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/10586"
}
]
}
}

140
2009/4xxx/CVE-2009-4948.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4948",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4948",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/extensions/repository/view/locator/1.2.8/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
},
{
"name" : "34573",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34573"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "34573",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34573"
},
{
"name": "http://typo3.org/extensions/repository/view/locator/1.2.8/",
"refsource": "CONFIRM",
"url": "http://typo3.org/extensions/repository/view/locator/1.2.8/"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-005/"
}
]
}
}

150
2012/2xxx/CVE-2012-2028.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2028",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-2028",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-11.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-11.html"
},
{
"name" : "53421",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53421"
},
{
"name" : "1027046",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027046"
},
{
"name" : "photoshop-unspec-bo(75457)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75457"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "53421",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53421"
},
{
"name": "1027046",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027046"
},
{
"name": "photoshop-unspec-bo(75457)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75457"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-11.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-11.html"
}
]
}
}

150
2012/2xxx/CVE-2012-2176.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2176",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2012-2176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.ibm.com/support/docview.wss?uid=swg21596191",
"refsource" : "CONFIRM",
"url" : "http://www.ibm.com/support/docview.wss?uid=swg21596191"
},
{
"name" : "53678",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53678"
},
{
"name" : "1027097",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027097"
},
{
"name" : "lotusquickr-activex-bo(75322)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75322"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argument to the (1) Attachment_Times or (2) Import_Times method."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1027097",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027097"
},
{
"name": "lotusquickr-activex-bo(75322)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75322"
},
{
"name": "http://www.ibm.com/support/docview.wss?uid=swg21596191",
"refsource": "CONFIRM",
"url": "http://www.ibm.com/support/docview.wss?uid=swg21596191"
},
{
"name": "53678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53678"
}
]
}
}

170
2012/2xxx/CVE-2012-2210.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2210",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2210",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120405 Sony Bravia Remote Denial of Service - CVE-2012-2210",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-04/0043.html"
},
{
"name" : "18705",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/18705/"
},
{
"name" : "80957",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/80957"
},
{
"name" : "1026891",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1026891"
},
{
"name" : "48705",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48705"
},
{
"name" : "sony-braviatv-dos(74644)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/74644"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a denial of service (configuration outage or device crash) via a flood of TCP SYN packets, as demonstrated by hping, a related issue to CVE-1999-0116."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "48705",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48705"
},
{
"name": "18705",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18705/"
},
{
"name": "1026891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1026891"
},
{
"name": "sony-braviatv-dos(74644)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74644"
},
{
"name": "80957",
"refsource": "OSVDB",
"url": "http://osvdb.org/80957"
},
{
"name": "20120405 Sony Bravia Remote Denial of Service - CVE-2012-2210",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-04/0043.html"
}
]
}
}

34
2012/2xxx/CVE-2012-2295.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2295",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-2295",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

170
2012/2xxx/CVE-2012-2591.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2591",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2012-2591",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20349",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/20349"
},
{
"name" : "http://packetstormsecurity.org/files/115354/EmailArchitect-Enterprise-Email-Server-10.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/115354/EmailArchitect-Enterprise-Email-Server-10.0-Cross-Site-Scripting.html"
},
{
"name" : "54896",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/54896"
},
{
"name" : "84520",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/84520"
},
{
"name" : "50203",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50203"
},
{
"name" : "emailarchitect-from-date-xss(77514)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/77514"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect Email Server 10.0 and 10.0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) From or (2) Date field in an email."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/115354/EmailArchitect-Enterprise-Email-Server-10.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/115354/EmailArchitect-Enterprise-Email-Server-10.0-Cross-Site-Scripting.html"
},
{
"name": "20349",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/20349"
},
{
"name": "54896",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/54896"
},
{
"name": "50203",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50203"
},
{
"name": "emailarchitect-from-date-xss(77514)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/77514"
},
{
"name": "84520",
"refsource": "OSVDB",
"url": "http://osvdb.org/84520"
}
]
}
}

170
2012/6xxx/CVE-2012-6112.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6112",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20130121 Moodle security notifications public",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2013/01/21/1"
},
{
"name" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283",
"refsource" : "CONFIRM",
"url" : "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283"
},
{
"name" : "http://www.tinymce.com/develop/changelog/?type=phpspell",
"refsource" : "CONFIRM",
"url" : "http://www.tinymce.com/develop/changelog/?type=phpspell"
},
{
"name" : "http://www.tinymce.com/forum/viewtopic.php?id=30036",
"refsource" : "CONFIRM",
"url" : "http://www.tinymce.com/forum/viewtopic.php?id=30036"
},
{
"name" : "https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974",
"refsource" : "CONFIRM",
"url" : "https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974"
},
{
"name" : "https://moodle.org/mod/forum/discuss.php?d=220157",
"refsource" : "CONFIRM",
"url" : "https://moodle.org/mod/forum/discuss.php?d=220157"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974",
"refsource": "CONFIRM",
"url": "https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974"
},
{
"name": "http://www.tinymce.com/forum/viewtopic.php?id=30036",
"refsource": "CONFIRM",
"url": "http://www.tinymce.com/forum/viewtopic.php?id=30036"
},
{
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283",
"refsource": "CONFIRM",
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283"
},
{
"name": "http://www.tinymce.com/develop/changelog/?type=phpspell",
"refsource": "CONFIRM",
"url": "http://www.tinymce.com/develop/changelog/?type=phpspell"
},
{
"name": "[oss-security] 20130121 Moodle security notifications public",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2013/01/21/1"
},
{
"name": "https://moodle.org/mod/forum/discuss.php?d=220157",
"refsource": "CONFIRM",
"url": "https://moodle.org/mod/forum/discuss.php?d=220157"
}
]
}
}

34
2015/0xxx/CVE-2015-0270.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0270",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0270",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

240
2015/1xxx/CVE-2015-1351.json
View File

@ -1,122 +1,122 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1351",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150124 Re: CVE Request: PHP",
"refsource" : "MLIST",
"url" : "http://openwall.com/lists/oss-security/2015/01/24/9"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115"
},
{
"name" : "https://bugs.php.net/bug.php?id=68677",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=68677"
},
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "GLSA-201606-10",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201606-10"
},
{
"name" : "MDVSA-2015:079",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079"
},
{
"name" : "RHSA-2015:1053",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1053.html"
},
{
"name" : "RHSA-2015:1066",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
},
{
"name" : "71929",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/71929"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "71929",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/71929"
},
{
"name": "[oss-security] 20150124 Re: CVE Request: PHP",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2015/01/24/9"
},
{
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name": "https://bugs.php.net/bug.php?id=68677",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=68677"
},
{
"name": "MDVSA-2015:079",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:079"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name": "RHSA-2015:1053",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1053.html"
},
{
"name": "GLSA-201606-10",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201606-10"
},
{
"name": "http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115"
},
{
"name": "RHSA-2015:1066",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
}
]
}
}

120
2015/1xxx/CVE-2015-1619.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1619",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1619",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10099",
"refsource" : "CONFIRM",
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10099"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10099",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10099"
}
]
}
}

290
2015/5xxx/CVE-2015-5165.json
View File

@ -1,147 +1,147 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5165",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5165",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://xenbits.xen.org/xsa/advisory-140.html",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xen.org/xsa/advisory-140.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "http://support.citrix.com/article/CTX201717",
"refsource" : "CONFIRM",
"url" : "http://support.citrix.com/article/CTX201717"
},
{
"name" : "DSA-3348",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3348"
},
{
"name" : "DSA-3349",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3349"
},
{
"name" : "FEDORA-2015-15944",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"name" : "FEDORA-2015-15946",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"name" : "FEDORA-2015-14361",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"name" : "RHSA-2015:1739",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1739.html"
},
{
"name" : "RHSA-2015:1740",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1740.html"
},
{
"name" : "RHSA-2015:1793",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1793.html"
},
{
"name" : "RHSA-2015:1833",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1833.html"
},
{
"name" : "RHSA-2015:1674",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1674.html"
},
{
"name" : "RHSA-2015:1683",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1683.html"
},
{
"name" : "SUSE-SU-2015:1643",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name" : "SUSE-SU-2015:1421",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name" : "76153",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76153"
},
{
"name" : "1033176",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033176"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The C+ mode offload emulation in the RTL8139 network card device model in QEMU, as used in Xen 4.5.x and earlier, allows remote attackers to read process heap memory via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2015:1674",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1674.html"
},
{
"name": "1033176",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033176"
},
{
"name": "SUSE-SU-2015:1643",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00027.html"
},
{
"name": "DSA-3348",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "http://support.citrix.com/article/CTX201717",
"refsource": "CONFIRM",
"url": "http://support.citrix.com/article/CTX201717"
},
{
"name": "RHSA-2015:1683",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1683.html"
},
{
"name": "RHSA-2015:1793",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1793.html"
},
{
"name": "DSA-3349",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3349"
},
{
"name": "FEDORA-2015-15944",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167820.html"
},
{
"name": "FEDORA-2015-14361",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165373.html"
},
{
"name": "RHSA-2015:1833",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1833.html"
},
{
"name": "FEDORA-2015-15946",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167792.html"
},
{
"name": "SUSE-SU-2015:1421",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00018.html"
},
{
"name": "RHSA-2015:1740",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1740.html"
},
{
"name": "RHSA-2015:1739",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1739.html"
},
{
"name": "76153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76153"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-140.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-140.html"
}
]
}
}

220
2015/5xxx/CVE-2015-5213.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5213",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5213",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/",
"refsource" : "CONFIRM",
"url" : "http://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/"
},
{
"name" : "http://www.openoffice.org/security/cves/CVE-2015-5213.html",
"refsource" : "CONFIRM",
"url" : "http://www.openoffice.org/security/cves/CVE-2015-5213.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "DSA-3394",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3394"
},
{
"name" : "GLSA-201603-05",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-05"
},
{
"name" : "GLSA-201611-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201611-03"
},
{
"name" : "RHSA-2015:2619",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2619.html"
},
{
"name" : "USN-2793-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2793-1"
},
{
"name" : "77486",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/77486"
},
{
"name" : "1034085",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034085"
},
{
"name" : "1034091",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034091"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a long DOC file, which triggers a buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1034085",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034085"
},
{
"name": "GLSA-201611-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201611-03"
},
{
"name": "1034091",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034091"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name": "RHSA-2015:2619",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2619.html"
},
{
"name": "USN-2793-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2793-1"
},
{
"name": "77486",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/77486"
},
{
"name": "http://www.openoffice.org/security/cves/CVE-2015-5213.html",
"refsource": "CONFIRM",
"url": "http://www.openoffice.org/security/cves/CVE-2015-5213.html"
},
{
"name": "http://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/",
"refsource": "CONFIRM",
"url": "http://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/"
},
{
"name": "GLSA-201603-05",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-05"
},
{
"name": "DSA-3394",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3394"
}
]
}
}

34
2015/5xxx/CVE-2015-5238.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5238",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5238",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2015/5xxx/CVE-2015-5323.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5323",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"refsource" : "CONFIRM",
"url" : "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
},
{
"name" : "RHSA-2016:0070",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name" : "RHSA-2016:0489",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0489.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict access to API tokens which might allow remote administrators to gain privileges and run scripts by using an API token of another user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2016:0489",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html"
},
{
"name": "RHSA-2016:0070",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:0070"
},
{
"name": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
"refsource": "CONFIRM",
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11"
}
]
}
}

120
2015/5xxx/CVE-2015-5464.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5464",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5464",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.safenet-inc.com/technical-support/security-updates/",
"refsource" : "CONFIRM",
"url" : "http://www.safenet-inc.com/technical-support/security-updates/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Gemalto SafeNet Luna HSM allows remote authenticated users to bypass intended key-export restrictions by leveraging (1) crypto-user or (2) crypto-officer access to an HSM partition."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.safenet-inc.com/technical-support/security-updates/",
"refsource": "CONFIRM",
"url": "http://www.safenet-inc.com/technical-support/security-updates/"
}
]
}
}

200
2015/5xxx/CVE-2015-5739.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5739",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by \"Content Length\" instead of \"Content-Length.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5739",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20150729 CVE Request - Go net/http library - HTTP smuggling",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q3/237"
},
{
"name" : "[oss-security] 20150804 CVE Request - Go net/http library - HTTP smuggling",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q3/292"
},
{
"name" : "[oss-security] 20150805 Re: CVE Request - Go net/http library - HTTP smuggling",
"refsource" : "MLIST",
"url" : "http://seclists.org/oss-sec/2015/q3/294"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250352",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1250352"
},
{
"name" : "https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9",
"refsource" : "CONFIRM",
"url" : "https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9"
},
{
"name" : "FEDORA-2015-15618",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html"
},
{
"name" : "FEDORA-2015-15619",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html"
},
{
"name" : "RHSA-2016:1538",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1538.html"
},
{
"name" : "76281",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76281"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The net/http library in net/textproto/reader.go in Go before 1.4.3 does not properly parse HTTP header keys, which allows remote attackers to conduct HTTP request smuggling attacks via a space instead of a hyphen, as demonstrated by \"Content Length\" instead of \"Content-Length.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20150804 CVE Request - Go net/http library - HTTP smuggling",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q3/292"
},
{
"name": "FEDORA-2015-15619",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/167997.html"
},
{
"name": "FEDORA-2015-15618",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168029.html"
},
{
"name": "RHSA-2016:1538",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1538.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1250352",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1250352"
},
{
"name": "[oss-security] 20150805 Re: CVE Request - Go net/http library - HTTP smuggling",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q3/294"
},
{
"name": "[oss-security] 20150729 CVE Request - Go net/http library - HTTP smuggling",
"refsource": "MLIST",
"url": "http://seclists.org/oss-sec/2015/q3/237"
},
{
"name": "76281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76281"
},
{
"name": "https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9",
"refsource": "CONFIRM",
"url": "https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9"
}
]
}
}

140
2018/11xxx/CVE-2018-11171.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11171",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11171",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource" : "MISC",
"url" : "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Quest DR Series Disk Backup software version before 4.0.3.1 allows command injection (issue 29 of 46)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180531 [CORE-2018-0002] - Quest DR Series Disk Backup Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/71"
},
{
"name": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/148003/Quest-DR-Series-Disk-Backup-Software-4.0.3-Code-Execution.html"
},
{
"name": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities",
"refsource": "MISC",
"url": "https://www.coresecurity.com/advisories/quest-dr-series-disk-backup-multiple-vulnerabilities"
}
]
}
}

140
2018/11xxx/CVE-2018-11590.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/espruino/Espruino/commit/a0d7f432abee692402c00e8b615ff5982dde9780",
"refsource" : "MISC",
"url" : "https://github.com/espruino/Espruino/commit/a0d7f432abee692402c00e8b615ff5982dde9780"
},
{
"name" : "https://github.com/espruino/Espruino/files/2019243/so_0.txt",
"refsource" : "MISC",
"url" : "https://github.com/espruino/Espruino/files/2019243/so_0.txt"
},
{
"name" : "https://github.com/espruino/Espruino/issues/1427",
"refsource" : "MISC",
"url" : "https://github.com/espruino/Espruino/issues/1427"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack size detection on Linux in jsutils.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/espruino/Espruino/issues/1427",
"refsource": "MISC",
"url": "https://github.com/espruino/Espruino/issues/1427"
},
{
"name": "https://github.com/espruino/Espruino/commit/a0d7f432abee692402c00e8b615ff5982dde9780",
"refsource": "MISC",
"url": "https://github.com/espruino/Espruino/commit/a0d7f432abee692402c00e8b615ff5982dde9780"
},
{
"name": "https://github.com/espruino/Espruino/files/2019243/so_0.txt",
"refsource": "MISC",
"url": "https://github.com/espruino/Espruino/files/2019243/so_0.txt"
}
]
}
}

140
2018/11xxx/CVE-2018-11842.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "product-security@qualcomm.com",
"ID" : "CVE-2018-11842",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Use of Uninitialized Variable in WLAN"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-11842",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android for MSM, Firefox OS for MSM, QRD Android",
"version": {
"version_data": [
{
"version_value": "All Android releases from CAF using the Linux kernel"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=5eea70b9d5852e468467c1565927dbe0c76d8674",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=5eea70b9d5852e468467c1565927dbe0c76d8674"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
"url" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Uninitialized Variable in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource": "CONFIRM",
"url": "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin"
},
{
"name": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components"
},
{
"name": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=5eea70b9d5852e468467c1565927dbe0c76d8674",
"refsource": "CONFIRM",
"url": "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=5eea70b9d5852e468467c1565927dbe0c76d8674"
}
]
}
}

166
2018/3xxx/CVE-2018-3029.json
View File

@ -1,85 +1,85 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3029",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "FLEXCUBE Investor Servicing",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.0.4"
},
{
"version_affected" : "=",
"version_value" : "12.1.0"
},
{
"version_affected" : "=",
"version_value" : "12.3.0"
},
{
"version_affected" : "=",
"version_value" : "12.4.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FLEXCUBE Investor Servicing",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.0.4"
},
{
"version_affected": "=",
"version_value": "12.1.0"
},
{
"version_affected": "=",
"version_value": "12.3.0"
},
{
"version_affected": "=",
"version_value": "12.4.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104793",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104793"
},
{
"name" : "1041307",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041307"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure). Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "1041307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041307"
},
{
"name": "104793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104793"
}
]
}
}

150
2018/3xxx/CVE-2018-3192.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3192",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.55"
},
{
"version_affected" : "=",
"version_value" : "8.56"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected": "=",
"version_value": "8.56"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105598",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105598"
},
{
"name" : "1041891",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105598",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105598"
},
{
"name": "1041891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041891"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
}
]
}
}

158
2018/3xxx/CVE-2018-3205.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3205",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "PeopleSoft Enterprise PT PeopleTools",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "8.55"
},
{
"version_affected" : "=",
"version_value" : "8.56"
},
{
"version_affected" : "=",
"version_value" : "8.57"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3205",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PeopleSoft Enterprise PT PeopleTools",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "8.55"
},
{
"version_affected": "=",
"version_value": "8.56"
},
{
"version_affected": "=",
"version_value": "8.57"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105609",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105609"
},
{
"name" : "1041891",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041891"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Workflow). Supported versions that are affected are 8.55, 8.56 and 8.57. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041891",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041891"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105609"
}
]
}
}

198
2018/3xxx/CVE-2018-3256.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3256",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Email Center",
"version" : {
"version_data" : [
{
"version_affected" : "=",
"version_value" : "12.1.1"
},
{
"version_affected" : "=",
"version_value" : "12.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.1.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.3"
},
{
"version_affected" : "=",
"version_value" : "12.2.4"
},
{
"version_affected" : "=",
"version_value" : "12.2.5"
},
{
"version_affected" : "=",
"version_value" : "12.2.6"
},
{
"version_affected" : "=",
"version_value" : "12.2.7"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data."
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3256",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Email Center",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.1.1"
},
{
"version_affected": "=",
"version_value": "12.1.2"
},
{
"version_affected": "=",
"version_value": "12.1.3"
},
{
"version_affected": "=",
"version_value": "12.2.3"
},
{
"version_affected": "=",
"version_value": "12.2.4"
},
{
"version_affected": "=",
"version_value": "12.2.5"
},
{
"version_affected": "=",
"version_value": "12.2.6"
},
{
"version_affected": "=",
"version_value": "12.2.7"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105631",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105631"
},
{
"name" : "1041897",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041897"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: Message Display). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data. CVSS 3.0 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Email Center. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Email Center, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Email Center accessible data."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041897",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041897"
},
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name": "105631",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105631"
}
]
}
}

34
2018/3xxx/CVE-2018-3488.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3488",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3488",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/3xxx/CVE-2018-3549.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3549",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3549",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/7xxx/CVE-2018-7573.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44596",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44596/"
},
{
"name" : "44968",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44968/"
},
{
"name" : "https://cxsecurity.com/issue/WLB-2018030011",
"refsource" : "MISC",
"url" : "https://cxsecurity.com/issue/WLB-2018030011"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in FTPShell Client 6.7. A remote FTP server can send 400 characters of 'F' in conjunction with the FTP 220 response code to crash the application; after this overflow, one can run arbitrary code on the victim machine. This is similar to CVE-2009-3364 and CVE-2017-6465."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44968",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44968/"
},
{
"name": "https://cxsecurity.com/issue/WLB-2018030011",
"refsource": "MISC",
"url": "https://cxsecurity.com/issue/WLB-2018030011"
},
{
"name": "44596",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44596/"
}
]
}
}

130
2018/7xxx/CVE-2018-7869.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7869",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260",
"refsource" : "MISC",
"url" : "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260"
},
{
"name" : "https://github.com/libming/libming/issues/119",
"refsource" : "MISC",
"url" : "https://github.com/libming/libming/issues/119"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a memory leak triggered in the function dcinit of util/decompile.c in libming 0.4.8, which will lead to a denial of service attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892260"
},
{
"name": "https://github.com/libming/libming/issues/119",
"refsource": "MISC",
"url": "https://github.com/libming/libming/issues/119"
}
]
}
}

190
2018/8xxx/CVE-2018-8276.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8276",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
{
"version_value" : "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka \"Scripting Engine Security Feature Bypass Vulnerability.\" This affects Microsoft Edge, ChakraCore."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8276",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
}
]
}
},
{
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276"
},
{
"name" : "104626",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104626"
},
{
"name" : "1041256",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041256"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka \"Scripting Engine Security Feature Bypass Vulnerability.\" This affects Microsoft Edge, ChakraCore."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1041256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041256"
},
{
"name": "104626",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104626"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8276"
}
]
}
}

306
2018/8xxx/CVE-2018-8438.json
View File

@ -1,155 +1,155 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8438",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka \"Windows Hyper-V Denial of Service Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Denial of Service"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8438",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8438",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8438"
},
{
"name" : "105249",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105249"
},
{
"name" : "1041624",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041624"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability exists when Microsoft Hyper-V Network Switch on a host server fails to properly validate input from a privileged user on a guest operating system, aka \"Windows Hyper-V Denial of Service Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8436, CVE-2018-8437."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105249"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8438",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8438"
},
{
"name": "1041624",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041624"
}
]
}
}

262
2018/8xxx/CVE-2018-8781.json
View File

@ -1,133 +1,133 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@checkpoint.com",
"DATE_PUBLIC" : "2018-03-21T00:00:00",
"ID" : "CVE-2018-8781",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Linux Kernel",
"version" : {
"version_data" : [
{
"version_value" : "kernel version 3.4 and up to and including 4.15"
}
]
}
}
]
},
"vendor_name" : "Check Point Software Technologies Ltd."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Local Privilege Escalation"
}
"CVE_data_meta": {
"ASSIGNER": "cve@checkpoint.com",
"DATE_PUBLIC": "2018-03-21T00:00:00",
"ID": "CVE-2018-8781",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Linux Kernel",
"version": {
"version_data": [
{
"version_value": "kernel version 3.4 and up to and including 4.15"
}
]
}
}
]
},
"vendor_name": "Check Point Software Technologies Ltd."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name" : "https://patchwork.freedesktop.org/patch/211845/",
"refsource" : "MISC",
"url" : "https://patchwork.freedesktop.org/patch/211845/"
},
{
"name" : "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/",
"refsource" : "MISC",
"url" : "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/"
},
{
"name" : "DSA-4187",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4187"
},
{
"name" : "DSA-4188",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4188"
},
{
"name" : "RHSA-2018:2948",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name" : "RHSA-2018:3083",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name" : "RHSA-2018:3096",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name" : "USN-3654-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3654-1/"
},
{
"name" : "USN-3654-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3654-2/"
},
{
"name" : "USN-3656-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3656-1/"
},
{
"name" : "USN-3674-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3674-2/"
},
{
"name" : "USN-3677-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3677-1/"
},
{
"name" : "USN-3677-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3677-2/"
},
{
"name" : "USN-3674-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3674-1/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Local Privilege Escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/",
"refsource": "MISC",
"url": "https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/"
},
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3654-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-1/"
},
{
"name": "USN-3674-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3674-1/"
},
{
"name": "USN-3677-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3677-1/"
},
{
"name": "DSA-4188",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4188"
},
{
"name": "USN-3674-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3674-2/"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "https://patchwork.freedesktop.org/patch/211845/",
"refsource": "MISC",
"url": "https://patchwork.freedesktop.org/patch/211845/"
},
{
"name": "USN-3677-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3677-2/"
},
{
"name": "USN-3654-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3654-2/"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "USN-3656-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3656-1/"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
}
]
}
}

156
2018/8xxx/CVE-2018-8912.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@synology.com",
"DATE_PUBLIC" : "2018-05-08T00:00:00",
"ID" : "CVE-2018-8912",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Note Station",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_value" : "2.5.1-0844"
}
]
}
}
]
},
"vendor_name" : "Synology"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "LOW",
"baseScore" : 6.5,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "LOW",
"integrityImpact" : "LOW",
"privilegesRequired" : "LOW",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Neutralization of Input During Web Page Generation (CWE-79)"
}
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2018-05-08T00:00:00",
"ID": "CVE-2018-8912",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Note Station",
"version": {
"version_data": [
{
"affected": "<",
"version_value": "2.5.1-0844"
}
]
}
}
]
},
"vendor_name": "Synology"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_03",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_03"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in Synology Note Station before 2.5.1-0844 allows remote authenticated users to inject arbitrary web script or HTML via the commit_msg parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Neutralization of Input During Web Page Generation (CWE-79)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_03",
"refsource": "CONFIRM",
"url": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_03"
}
]
}
}

120
2018/8xxx/CVE-2018-8991.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8991",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002009",
"refsource" : "MISC",
"url" : "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002009"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xf1002009."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002009",
"refsource": "MISC",
"url": "https://github.com/D0neMkj/POC_BSOD/tree/master/Windows%20Optimization%20master/0xf1002009"
}
]
}
}