admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 01:54:29 +00:00
parent 50ebdf2fab
commit 872812ceec
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
45 changed files with 3600 additions and 3600 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
2005/0xxx/CVE-2005-0719.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0719",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0719",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd."
"lang": "eng",
"value": "Unknown vulnerability in the systems message queue in HP Tru64 Unix 4.0F PK8 through 5.1B-2/PK4 allows local users to cause a denial of service (process crash) for processes such as nfsstat, pfstat, arp, ogated, rarpd, route, sendmail, srconfig, strsetup, trpt, netstat, and xntpd."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "HPSBTU01109",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=111040492127482&w=2"
"name": "HPSBTU01109",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=111040492127482&w=2"
},
{
"name" : "SSRT4891",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=111040492127482&w=2"
"name": "tru64-system-message-dos(19642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19642"
},
{
"name" : "12768",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12768"
"name": "14549",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14549/"
},
{
"name" : "14549",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14549/"
"name": "12768",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12768"
},
{
"name" : "tru64-system-message-dos(19642)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19642"
"name": "SSRT4891",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=111040492127482&w=2"
}
]
}

80
2005/0xxx/CVE-2005-0779.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0779",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0779",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \\ (backslash) in the username."
"lang": "eng",
"value": "PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \\ (backslash) in the username."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050312 PlatinumFTP 1.0.18 remote DoS",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111066232415249&w=2"
"name": "20070101 Re: PlatinumFTP 1.0.18 remote DoS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455609/100/0/threaded"
},
{
"name" : "20070101 Re: PlatinumFTP 1.0.18 remote DoS",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/455609/100/0/threaded"
"name": "platinumftp-username-dos(19674)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19674"
},
{
"name" : "12790",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12790"
"name": "12790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12790"
},
{
"name" : "platinumftp-username-dos(19674)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19674"
"name": "20050312 PlatinumFTP 1.0.18 remote DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111066232415249&w=2"
}
]
}

68
2005/0xxx/CVE-2005-0933.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0933",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0933",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.gulftech.org/?node=research&article_id=00065-03292005",
"refsource" : "MISC",
"url" : "http://www.gulftech.org/?node=research&article_id=00065-03292005"
"name": "http://www.gulftech.org/?node=research&article_id=00065-03292005",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00065-03292005"
},
{
"name" : "12917",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12917"
"name": "12917",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12917"
}
]
}

92
2005/2xxx/CVE-2005-2405.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2405",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2405",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Opera 8.01, when the \"Arial Unicode MS\" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code."
"lang": "eng",
"value": "Opera 8.01, when the \"Arial Unicode MS\" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.opera.com/linux/changelogs/802/",
"refsource" : "CONFIRM",
"url" : "http://www.opera.com/linux/changelogs/802/"
"name": "15870",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15870"
},
{
"name" : "14402",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14402"
"name": "14402",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14402"
},
{
"name" : "ADV-2005-1251",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1251"
"name": "http://www.opera.com/linux/changelogs/802/",
"refsource": "CONFIRM",
"url": "http://www.opera.com/linux/changelogs/802/"
},
{
"name" : "1014592",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014592"
"name": "ADV-2005-1251",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1251"
},
{
"name" : "15870",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15870"
"name": "opera-content-disposition-extension-spoofing(21784)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21784"
},
{
"name" : "opera-content-disposition-extension-spoofing(21784)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21784"
"name": "1014592",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014592"
}
]
}

92
2005/2xxx/CVE-2005-2603.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2603",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2603",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the (1) currDir or (2) image parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://secwatch.org/advisories/secwatch/20050813_Mig.txt",
"refsource" : "MISC",
"url" : "http://secwatch.org/advisories/secwatch/20050813_Mig.txt"
"name": "14570",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14570"
},
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=349348",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=349348"
"name": "http://secwatch.org/advisories/secwatch/20050813_Mig.txt",
"refsource": "MISC",
"url": "http://secwatch.org/advisories/secwatch/20050813_Mig.txt"
},
{
"name" : "14570",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14570"
"name": "ADV-2005-1432",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1432"
},
{
"name" : "ADV-2005-1432",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1432"
"name": "18741",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18741"
},
{
"name" : "18741",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/18741"
"name": "16405",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16405"
},
{
"name" : "16405",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16405"
"name": "http://sourceforge.net/project/shownotes.php?release_id=349348",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=349348"
}
]
}

74
2005/2xxx/CVE-2005-2888.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2888",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2888",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) Preview Release 2 allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter to misc.php or (2) Content-Disposition field in the HTTP header to newreply.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050907 SQL Injection[2] In MyBB PR2",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112611068702781&w=2"
"name": "20050907 SQL Injection[2] In MyBB PR2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112611068702781&w=2"
},
{
"name" : "16738",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16738/"
"name": "mybb-misc-newreply-sql-injection(22192)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22192"
},
{
"name" : "mybb-misc-newreply-sql-injection(22192)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22192"
"name": "16738",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16738/"
}
]
}

80
2005/2xxx/CVE-2005-2985.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-2985",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2985",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter."
"lang": "eng",
"value": "SQL injection vulnerability in search_result.php in AEwebworks aeDating Script 4.0 and earlier allows remote attackers to execute arbitrary SQL statements via the Country parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050915 Online Dating Software by AEwebworks - aeDating Script <= 4.0",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112681800009262&w=2"
"name": "16831",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16831/"
},
{
"name" : "14847",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14847"
"name": "14847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14847"
},
{
"name" : "16831",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16831/"
"name": "20050915 Online Dating Software by AEwebworks - aeDating Script <= 4.0",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112681800009262&w=2"
},
{
"name" : "aedating-searchresult-sql-injection(22301)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22301"
"name": "aedating-searchresult-sql-injection(22301)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22301"
}
]
}

62
2005/3xxx/CVE-2005-3093.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3093",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3093",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer."
"lang": "eng",
"value": "Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "14948",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/14948"
"name": "14948",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14948"
}
]
}

68
2005/3xxx/CVE-2005-3145.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3145",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3145",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service (resource consumption) by connecting to sblim-sfcb but not sending any data."
"lang": "eng",
"value": "httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to cause a denial of service (resource consumption) by connecting to sblim-sfcb but not sending any data."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://sourceforge.net/project/shownotes.php?release_id=359700",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/project/shownotes.php?release_id=359700"
"name": "http://sourceforge.net/project/shownotes.php?release_id=359700",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=359700"
},
{
"name" : "16975",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/16975"
"name": "16975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16975"
}
]
}

86
2005/3xxx/CVE-2005-3426.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3426",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3426",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation."
"lang": "eng",
"value": "Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20051019 Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability",
"refsource" : "CISCO",
"url" : "http://www.cisco.com/warp/public/707/cisco-sa-20051019-css.shtml"
"name": "1015081",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015081"
},
{
"name" : "15144",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15144"
"name": "17260",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17260"
},
{
"name" : "1015081",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015081"
"name": "20051019 Cisco 11500 Content Services Switch SSL Malformed Client Certificate Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/warp/public/707/cisco-sa-20051019-css.shtml"
},
{
"name" : "17260",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17260"
"name": "99",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/99"
},
{
"name" : "99",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/99"
"name": "15144",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15144"
}
]
}

98
2005/4xxx/CVE-2005-4321.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4321",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4321",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlier running IPSec, allow remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
"lang": "eng",
"value": "The Internet Key Exchange version 1 (IKEv1) implementation in Apani Networks EpiForce 1.9 and earlier running IPSec, allow remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20051209 Apani Network Response to ISAKMP cert-fi:7710 Alert",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/419104/100/0/threaded"
"name": "1015340",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/alerts/2005/Dec/1015340.html"
},
{
"name" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en",
"refsource" : "MISC",
"url" : "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en"
"name": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en",
"refsource": "MISC",
"url": "http://www.niscc.gov.uk/niscc/docs/re-20051114-01014.pdf?lang=en"
},
{
"name" : "VU#226364",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/226364"
"name": "ADV-2005-2855",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2855"
},
{
"name" : "15797",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15797/"
"name": "15797",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15797/"
},
{
"name" : "ADV-2005-2855",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2855"
"name": "20051209 Apani Network Response to ISAKMP cert-fi:7710 Alert",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/419104/100/0/threaded"
},
{
"name" : "1015340",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/alerts/2005/Dec/1015340.html"
"name": "17985",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17985/"
},
{
"name" : "17985",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17985/"
"name": "VU#226364",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/226364"
}
]
}

86
2005/4xxx/CVE-2005-4549.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4549",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4549",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20051223 SEC Consult SA-20051223-0 :: Multiple Cross Site Scripting Vulnerabilities in OracleAS Discussion Forum Portlet",
"refsource" : "FULLDISC",
"url" : "http://marc.info/?l=full-disclosure&m=113532626203708&w=2"
"name": "298",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/298"
},
{
"name" : "16048",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16048"
"name": "20051223 SEC Consult SA-20051223-0 :: Multiple Cross Site Scripting Vulnerabilities in OracleAS Discussion Forum Portlet",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113532626203708&w=2"
},
{
"name" : "ADV-2005-3085",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/3085"
"name": "1015405",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015405"
},
{
"name" : "1015405",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015405"
"name": "ADV-2005-3085",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/3085"
},
{
"name" : "298",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/298"
"name": "16048",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16048"
}
]
}

74
2005/4xxx/CVE-2005-4671.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4671",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4671",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "13261",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13261"
"name": "13261",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13261"
},
{
"name" : "1013749",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013749"
"name": "1013749",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013749"
},
{
"name" : "citypostsimplephp-upload-message-xss(20164)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20164"
"name": "citypostsimplephp-upload-message-xss(20164)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20164"
}
]
}

74
2009/2xxx/CVE-2009-2497.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2497",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-2497",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability.\""
"lang": "eng",
"value": "The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka \"Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS09-061",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061"
"name": "TA09-286A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
},
{
"name" : "TA09-286A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-286A.html"
"name": "oval:org.mitre.oval:def:6510",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6510"
},
{
"name" : "oval:org.mitre.oval:def:6510",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6510"
"name": "MS09-061",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-061"
}
]
}

68
2009/2xxx/CVE-2009-2953.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-2953",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-2953",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715."
"lang": "eng",
"value": "Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090821 DoS vulnerabilities in Mozilla Firefox, Internet Explorer and Chrome",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/506006/100/0/threaded"
"name": "http://websecurity.com.ua/3424/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3424/"
},
{
"name" : "http://websecurity.com.ua/3424/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/3424/"
"name": "20090821 DoS vulnerabilities in Mozilla Firefox, Internet Explorer and Chrome",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/506006/100/0/threaded"
}
]
}

68
2009/3xxx/CVE-2009-3015.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3015",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3015",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header."
"lang": "eng",
"value": "QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://websecurity.com.ua/3386/",
"refsource" : "MISC",
"url" : "http://websecurity.com.ua/3386/"
"name": "http://websecurity.com.ua/3386/",
"refsource": "MISC",
"url": "http://websecurity.com.ua/3386/"
},
{
"name" : "qtweb-javascript-xss(52993)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52993"
"name": "qtweb-javascript-xss(52993)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52993"
}
]
}

212
2009/3xxx/CVE-2009-3075.json
View File

@ -1,186 +1,186 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3075",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-3075",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors."
"lang": "eng",
"value": "Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html"
"name": "DSA-1885",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1885"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=441714",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=441714"
"name": "RHSA-2010:0153",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
},
{
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=505305",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=505305"
"name": "36343",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36343"
},
{
"name" : "http://www.mozilla.org/security/announce/2010/mfsa2010-07.html",
"refsource" : "CONFIRM",
"url" : "http://www.mozilla.org/security/announce/2010/mfsa2010-07.html"
"name": "39001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39001"
},
{
"name" : "DSA-1885",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1885"
"name": "SUSE-SA:2009:048",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
},
{
"name" : "RHSA-2009:1430",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1430.html"
"name": "RHSA-2009:1430",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1430.html"
},
{
"name" : "RHSA-2009:1431",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1431.html"
"name": "ADV-2010-0648",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0648"
},
{
"name" : "RHSA-2009:1432",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
"name": "ADV-2010-0650",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0650"
},
{
"name" : "RHSA-2010:0153",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0153.html"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=441714",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=441714"
},
{
"name" : "RHSA-2010:0154",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
"name": "36692",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36692"
},
{
"name" : "SUSE-SR:2010:013",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
"name": "SUSE-SR:2010:013",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
},
{
"name" : "SUSE-SA:2009:048",
"refsource" : "SUSE",
"url" : "http://www.novell.com/linux/security/advisories/2009_48_firefox.html"
"name": "oval:org.mitre.oval:def:5717",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5717"
},
{
"name" : "USN-915-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-915-1"
"name": "36670",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36670"
},
{
"name" : "36343",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36343"
"name": "36671",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36671"
},
{
"name" : "oval:org.mitre.oval:def:11365",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11365"
"name": "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2009/mfsa2009-47.html"
},
{
"name" : "oval:org.mitre.oval:def:5717",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5717"
"name": "38977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38977"
},
{
"name" : "36671",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36671"
"name": "36669",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36669"
},
{
"name" : "39001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39001"
"name": "oval:org.mitre.oval:def:11365",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11365"
},
{
"name" : "38977",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38977"
"name": "https://bugzilla.mozilla.org/show_bug.cgi?id=505305",
"refsource": "CONFIRM",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=505305"
},
{
"name" : "37098",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37098"
"name": "RHSA-2010:0154",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0154.html"
},
{
"name" : "36669",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36669"
"name": "RHSA-2009:1432",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1432.html"
},
{
"name" : "36670",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36670"
"name": "mozilla-javascript-engine-code-exec(53158)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53158"
},
{
"name" : "36692",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36692"
"name": "37098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37098"
},
{
"name" : "ADV-2010-0648",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0648"
"name": "USN-915-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-915-1"
},
{
"name" : "ADV-2010-0650",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0650"
"name": "http://www.mozilla.org/security/announce/2010/mfsa2010-07.html",
"refsource": "CONFIRM",
"url": "http://www.mozilla.org/security/announce/2010/mfsa2010-07.html"
},
{
"name" : "mozilla-javascript-engine-code-exec(53158)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53158"
"name": "RHSA-2009:1431",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1431.html"
}
]
}

80
2009/3xxx/CVE-2009-3643.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3643",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3643",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728."
"lang": "eng",
"value": "Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2006-5728."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://packetstormsecurity.org/0910-exploits/XM-ftp-dos.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0910-exploits/XM-ftp-dos.txt"
"name": "http://packetstormsecurity.org/0910-exploits/XM-ftp-dos.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0910-exploits/XM-ftp-dos.txt"
},
{
"name" : "58542",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/58542"
"name": "easypersonal-list-nlst-dos(53643)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53643"
},
{
"name" : "36941",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36941"
"name": "36941",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36941"
},
{
"name" : "easypersonal-list-nlst-dos(53643)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53643"
"name": "58542",
"refsource": "OSVDB",
"url": "http://osvdb.org/58542"
}
]
}

92
2009/4xxx/CVE-2009-4049.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4049",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4049",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024."
"lang": "eng",
"value": "Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20091114 Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507891/100/0/threaded"
"name": "37031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37031"
},
{
"name" : "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html",
"refsource" : "MISC",
"url" : "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html"
"name": "ADV-2009-3266",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3266"
},
{
"name" : "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php",
"refsource" : "MISC",
"url" : "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php"
"name": "37368",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37368"
},
{
"name" : "37031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37031"
"name": "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html",
"refsource": "MISC",
"url": "http://www.efblog.net/2009/11/avast-aswrdrsys-kernel-pool-corruption.html"
},
{
"name" : "37368",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37368"
"name": "20091114 Avast aswRdr.sys Kernel Pool Corruption and Local Privilege Escalation",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507891/100/0/threaded"
},
{
"name" : "ADV-2009-3266",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3266"
"name": "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php",
"refsource": "MISC",
"url": "https://www.evilfingers.com/advisory/Advisory/Avast_aswRdr_sys_Kernel_Pool_Corruption_and_Local_Privilege_Escalation.php"
}
]
}

122
2009/4xxx/CVE-2009-4145.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4145",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-4145",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network."
"lang": "eng",
"value": "nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20091216 NetworkManager CVE assignment",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/12/16/3"
"name": "37580",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37580"
},
{
"name" : "http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2"
"name": "[oss-security] 20091216 NetworkManager CVE assignment",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/12/16/3"
},
{
"name" : "http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894",
"refsource" : "CONFIRM",
"url" : "http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894"
"name": "networkmanager-nmconnectioneditor-info-disc(54898)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54898"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=546117",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=546117"
"name": "http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2"
},
{
"name" : "RHSA-2010:0108",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2010-0108.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=546117",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=546117"
},
{
"name" : "SUSE-SR:2010:002",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html"
"name": "37819",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37819"
},
{
"name" : "37580",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37580"
"name": "oval:org.mitre.oval:def:10539",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10539"
},
{
"name" : "oval:org.mitre.oval:def:10539",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10539"
"name": "SUSE-SR:2010:002",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html"
},
{
"name" : "37819",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37819"
"name": "RHSA-2010:0108",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2010-0108.html"
},
{
"name" : "38420",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38420"
"name": "http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894",
"refsource": "CONFIRM",
"url": "http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894"
},
{
"name" : "networkmanager-nmconnectioneditor-info-disc(54898)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54898"
"name": "38420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38420"
}
]
}

74
2009/4xxx/CVE-2009-4487.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4487",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4487",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
"lang": "eng",
"value": "nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
"name": "37711",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/37711"
},
{
"name" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
"refsource" : "MISC",
"url" : "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
"name": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt",
"refsource": "MISC",
"url": "http://www.ush.it/team/ush/hack_httpd_escape/adv.txt"
},
{
"name" : "37711",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/37711"
"name": "20100110 Nginx, Varnish, Cherokee, thttpd, mini-httpd, WEBrick, Orion, AOLserver, Yaws and Boa log escape sequence injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/508830/100/0/threaded"
}
]
}

74
2009/4xxx/CVE-2009-4867.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4867",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4867",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file."
"lang": "eng",
"value": "Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "9364",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9364"
"name": "tuniac-m3u-bo(52280)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52280"
},
{
"name" : "ADV-2009-2159",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2159"
"name": "ADV-2009-2159",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2159"
},
{
"name" : "tuniac-m3u-bo(52280)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52280"
"name": "9364",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9364"
}
]
}

194
2015/0xxx/CVE-2015-0232.json
View File

@ -1,171 +1,171 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0232",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0232",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image."
"lang": "eng",
"value": "The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=21bc7464f454fec18a9ec024c738f195602fee2a",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=21bc7464f454fec18a9ec024c738f195602fee2a"
"name": "MDVSA-2015:032",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:032"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=2fc178cf448d8e1b95d1314e47eeef610729e0df",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=2fc178cf448d8e1b95d1314e47eeef610729e0df"
"name": "DSA-3195",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3195"
},
{
"name" : "http://git.php.net/?p=php-src.git;a=commit;h=55001de6d8c6ed2aada870a76de1e4b4558737bf",
"refsource" : "CONFIRM",
"url" : "http://git.php.net/?p=php-src.git;a=commit;h=55001de6d8c6ed2aada870a76de1e4b4558737bf"
"name": "72541",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72541"
},
{
"name" : "http://www.php.net/ChangeLog-5.php",
"refsource" : "CONFIRM",
"url" : "http://www.php.net/ChangeLog-5.php"
"name": "HPSBMU03409",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
},
{
"name" : "https://bugs.php.net/bug.php?id=68799",
"refsource" : "CONFIRM",
"url" : "https://bugs.php.net/bug.php?id=68799"
"name": "SUSE-SU-2015:0365",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185472",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1185472"
"name": "http://git.php.net/?p=php-src.git;a=commit;h=2fc178cf448d8e1b95d1314e47eeef610729e0df",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=2fc178cf448d8e1b95d1314e47eeef610729e0df"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0040.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0040.html"
"name": "APPLE-SA-2015-09-30-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
},
{
"name" : "https://support.apple.com/HT205267",
"refsource" : "CONFIRM",
"url" : "https://support.apple.com/HT205267"
"name": "HPSBMU03380",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
"name": "http://git.php.net/?p=php-src.git;a=commit;h=21bc7464f454fec18a9ec024c738f195602fee2a",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=21bc7464f454fec18a9ec024c738f195602fee2a"
},
{
"name" : "APPLE-SA-2015-09-30-3",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
},
{
"name" : "DSA-3195",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3195"
"name": "https://bugs.php.net/bug.php?id=68799",
"refsource": "CONFIRM",
"url": "https://bugs.php.net/bug.php?id=68799"
},
{
"name" : "GLSA-201503-03",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201503-03"
"name": "openSUSE-SU-2015:0325",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html"
},
{
"name" : "HPSBMU03380",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
"name": "https://support.apple.com/HT205267",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205267"
},
{
"name" : "HPSBMU03409",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
"name": "http://www.php.net/ChangeLog-5.php",
"refsource": "CONFIRM",
"url": "http://www.php.net/ChangeLog-5.php"
},
{
"name" : "MDVSA-2015:032",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:032"
"name": "http://git.php.net/?p=php-src.git;a=commit;h=55001de6d8c6ed2aada870a76de1e4b4558737bf",
"refsource": "CONFIRM",
"url": "http://git.php.net/?p=php-src.git;a=commit;h=55001de6d8c6ed2aada870a76de1e4b4558737bf"
},
{
"name" : "RHSA-2015:1135",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1185472",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1185472"
},
{
"name" : "RHSA-2015:1053",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1053.html"
"name": "RHSA-2015:1135",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1135.html"
},
{
"name" : "RHSA-2015:1066",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
"name": "RHSA-2015:1053",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1053.html"
},
{
"name" : "RHSA-2015:1218",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
"name": "GLSA-201503-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-03"
},
{
"name" : "SUSE-SU-2015:0365",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html"
"name": "http://advisories.mageia.org/MGASA-2015-0040.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0040.html"
},
{
"name" : "openSUSE-SU-2015:0325",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-02/msg00079.html"
"name": "RHSA-2015:1066",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1066.html"
},
{
"name" : "72541",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72541"
"name": "RHSA-2015:1218",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1218.html"
}
]
}

22
2015/0xxx/CVE-2015-0720.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0720",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-0720",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

74
2015/1xxx/CVE-2015-1057.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1057",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1057",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the \"Real Name\" value."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the \"Real Name\" value."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "35679",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/35679"
"name": "116692",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/116692"
},
{
"name" : "116692",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/show/osvdb/116692"
"name": "bootstrapcms-usersettings-xss(99627)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99627"
},
{
"name" : "bootstrapcms-usersettings-xss(99627)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99627"
"name": "35679",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35679"
}
]
}

80
2015/1xxx/CVE-2015-1800.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1800",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1800",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information."
"lang": "eng",
"value": "The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20150921 Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/09/21/13"
"name": "[oss-security] 20150921 Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/13"
},
{
"name" : "[oss-security] 20150921 Samsung S4 (GT-I9500) multiple kernel vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/09/21/4"
"name": "76807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76807"
},
{
"name" : "[oss-security] 20150922 Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/09/22/18"
"name": "[oss-security] 20150921 Samsung S4 (GT-I9500) multiple kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/21/4"
},
{
"name" : "76807",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76807"
"name": "[oss-security] 20150922 Re: Samsung S4 (GT-I9500) multiple kernel vulnerabilities",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/09/22/18"
}
]
}

86
2015/1xxx/CVE-2015-1821.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1821",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-1821",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder."
"lang": "eng",
"value": "Heap-based buffer overflow in chrony before 1.31.1 allows remote authenticated users to cause a denial of service (chronyd crash) or possibly execute arbitrary code by configuring the (1) NTP or (2) cmdmon access with a subnet size that is indivisible by four and an address with a nonzero bit in the subnet remainder."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[chrony-announce] 20150407 chrony-1.31.1 released (security)",
"refsource" : "MLIST",
"url" : "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"
"name": "DSA-3222",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3222"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
"name": "[chrony-announce] 20150407 chrony-1.31.1 released (security)",
"refsource": "MLIST",
"url": "http://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2015/04/msg00002.html"
},
{
"name" : "DSA-3222",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3222"
"name": "73955",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/73955"
},
{
"name" : "GLSA-201507-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201507-01"
"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
},
{
"name" : "73955",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/73955"
"name": "GLSA-201507-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201507-01"
}
]
}

80
2015/4xxx/CVE-2015-4346.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4346",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4346",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the \"Send to phone\" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the SMS Framework module 6.x-1.x before 6.x-1.1 for Drupal, when the \"Send to phone\" submodule is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to message previews."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/04/25/6"
"name": "72807",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72807"
},
{
"name" : "https://www.drupal.org/node/2437943",
"refsource" : "MISC",
"url" : "https://www.drupal.org/node/2437943"
"name": "https://www.drupal.org/node/2437943",
"refsource": "MISC",
"url": "https://www.drupal.org/node/2437943"
},
{
"name" : "https://www.drupal.org/node/2431717",
"refsource" : "CONFIRM",
"url" : "https://www.drupal.org/node/2431717"
"name": "[oss-security] 20150425 CVE requests for Drupal contributed modules (from SA-CONTRIB-2015-034 to SA-CONTRIB-2015-099)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/04/25/6"
},
{
"name" : "72807",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/72807"
"name": "https://www.drupal.org/node/2431717",
"refsource": "CONFIRM",
"url": "https://www.drupal.org/node/2431717"
}
]
}

68
2015/4xxx/CVE-2015-4415.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4415",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-4415",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) theme or (2) lang cookie parameter to AnimaGallery/."
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in func.php in Magnifica Webscripts Anima Gallery 2.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) theme or (2) lang cookie parameter to AnimaGallery/."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20150608 AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/535705/100/0/threaded"
"name": "20150608 AnimaGallery 2.6 (theme and lang cookie parameter) Local File Include Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/535705/100/0/threaded"
},
{
"name" : "75061",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75061"
"name": "75061",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75061"
}
]
}

22
2015/4xxx/CVE-2015-4814.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-4814",
"STATE" : "REJECT"
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-4814",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}

116
2015/5xxx/CVE-2015-5131.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5131",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2015-5131",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5132 and CVE-2015-5133."
"lang": "eng",
"value": "Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5132 and CVE-2015-5133."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "37856",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37856/"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
},
{
"name" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html",
"refsource" : "CONFIRM",
"url" : "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"
"name": "GLSA-201508-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201508-01"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
"name": "37856",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37856/"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05385680"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722"
"name": "76284",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76284"
},
{
"name" : "GLSA-201508-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201508-01"
"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html",
"refsource": "CONFIRM",
"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-19.html"
},
{
"name" : "RHSA-2015:1603",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1603.html"
"name": "openSUSE-SU-2015:1781",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
},
{
"name" : "openSUSE-SU-2015:1781",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00018.html"
"name": "1033235",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033235"
},
{
"name" : "76284",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76284"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05356388"
},
{
"name" : "1033235",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033235"
"name": "RHSA-2015:1603",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1603.html"
}
]
}

128
2015/5xxx/CVE-2015-5225.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5225",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5225",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface."
"lang": "eng",
"value": "Buffer overflow in the vnc_refresh_server_surface function in the VNC display driver in QEMU before 2.4.0.1 allows guest users to cause a denial of service (heap memory corruption and process crash) or possibly execute arbitrary code on the host via unspecified vectors, related to refreshing the server display surface."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[Qemu-deve] 20150915 [ANNOUNCE] QEMU 2.4.0.1 CVE update released",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
"name": "[Qemu-deve] 20150915 [ANNOUNCE] QEMU 2.4.0.1 CVE update released",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg05832.html"
},
{
"name" : "[Qemu-devel] 20150821 [PATCH] vnc: fix memory corruption (CVE-2015-5225)",
"refsource" : "MLIST",
"url" : "https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html"
"name": "[Qemu-devel] 20150821 [PATCH] vnc: fix memory corruption (CVE-2015-5225)",
"refsource": "MLIST",
"url": "https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html"
},
{
"name" : "[oss-security] 20150822 CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2015/08/21/6"
"name": "RHSA-2015:1837",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1837.html"
},
{
"name" : "DSA-3348",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3348"
"name": "FEDORA-2015-14783",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html"
},
{
"name" : "FEDORA-2015-14783",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/165484.html"
"name": "DSA-3348",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3348"
},
{
"name" : "FEDORA-2015-15364",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html"
"name": "FEDORA-2015-16368",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
},
{
"name" : "FEDORA-2015-16368",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169039.html"
"name": "RHSA-2015:1772",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1772.html"
},
{
"name" : "GLSA-201602-01",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201602-01"
"name": "1033547",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033547"
},
{
"name" : "RHSA-2015:1772",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1772.html"
"name": "[oss-security] 20150822 CVE-2015-5225 Qemu: ui: vnc: heap memory corruption issue",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/08/21/6"
},
{
"name" : "RHSA-2015:1837",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1837.html"
"name": "76506",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76506"
},
{
"name" : "76506",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76506"
"name": "FEDORA-2015-15364",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-September/166798.html"
},
{
"name" : "1033547",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033547"
"name": "GLSA-201602-01",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201602-01"
}
]
}

68
2015/5xxx/CVE-2015-5363.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5363",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5363",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial of service (crash) via a crafted DNS response."
"lang": "eng",
"value": "The SRX Network Security Daemon (nsd) in Juniper SRX Series services gateways with Junos 12.1X44 before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X47 before 12.1X47-D25, and 12.3X48 before 12.3X48-D15 allows remote DNS servers to cause a denial of service (crash) via a crafted DNS response."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10692",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10692"
"name": "1032848",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032848"
},
{
"name" : "1032848",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032848"
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10692",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10692"
}
]
}

110
2015/5xxx/CVE-2015-5715.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5715",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5715",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors."
"lang": "eng",
"value": "The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in the XMLRPC subsystem in WordPress before 4.3.1 allows remote authenticated users to bypass intended access restrictions, and arrange for a private post to be published and sticky, via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://wpvulndb.com/vulnerabilities/8188",
"refsource" : "MISC",
"url" : "https://wpvulndb.com/vulnerabilities/8188"
"name": "76748",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76748"
},
{
"name" : "https://codex.wordpress.org/Version_4.3.1",
"refsource" : "CONFIRM",
"url" : "https://codex.wordpress.org/Version_4.3.1"
"name": "https://security-tracker.debian.org/tracker/CVE-2015-5715",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2015-5715"
},
{
"name" : "https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab",
"refsource" : "CONFIRM",
"url" : "https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab"
"name": "https://codex.wordpress.org/Version_4.3.1",
"refsource": "CONFIRM",
"url": "https://codex.wordpress.org/Version_4.3.1"
},
{
"name" : "https://security-tracker.debian.org/tracker/CVE-2015-5715",
"refsource" : "CONFIRM",
"url" : "https://security-tracker.debian.org/tracker/CVE-2015-5715"
"name": "DSA-3375",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3375"
},
{
"name" : "https://wordpress.org/news/2015/09/wordpress-4-3-1/",
"refsource" : "CONFIRM",
"url" : "https://wordpress.org/news/2015/09/wordpress-4-3-1/"
"name": "https://wordpress.org/news/2015/09/wordpress-4-3-1/",
"refsource": "CONFIRM",
"url": "https://wordpress.org/news/2015/09/wordpress-4-3-1/"
},
{
"name" : "DSA-3375",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3375"
"name": "https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab",
"refsource": "CONFIRM",
"url": "https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab"
},
{
"name" : "DSA-3383",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3383"
"name": "https://wpvulndb.com/vulnerabilities/8188",
"refsource": "MISC",
"url": "https://wpvulndb.com/vulnerabilities/8188"
},
{
"name" : "76748",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76748"
"name": "1033979",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033979"
},
{
"name" : "1033979",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033979"
"name": "DSA-3383",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3383"
}
]
}

100
2018/2xxx/CVE-2018-2775.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2775",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2775",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "5.7.21 and prior"
"version_affected": "=",
"version_value": "5.7.21 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
"name": "1040698",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040698"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180419-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180419-0002/"
"name": "https://security.netapp.com/advisory/ntap-20180419-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180419-0002/"
},
{
"name" : "RHSA-2018:3655",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3655"
"name": "103777",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103777"
},
{
"name" : "USN-3629-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3629-1/"
"name": "RHSA-2018:3655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name" : "USN-3629-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3629-3/"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
},
{
"name" : "103777",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103777"
"name": "USN-3629-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3629-1/"
},
{
"name" : "1040698",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040698"
"name": "USN-3629-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3629-3/"
}
]
}

84
2018/2xxx/CVE-2018-2914.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-2914",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-2914",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "GoldenGate",
"version" : {
"version_data" : [
"product_name": "GoldenGate",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "12.1.2.1.0"
"version_affected": "=",
"version_value": "12.1.2.1.0"
},
{
"version_affected" : "=",
"version_value" : "12.2.0.2.0"
"version_affected": "=",
"version_value": "12.2.0.2.0"
},
{
"version_affected" : "=",
"version_value" : "12.3.0.1.0"
"version_affected": "=",
"version_value": "12.3.0.1.0"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
"lang": "eng",
"value": "Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate (subcomponent: Manager). Supported versions that are affected are 12.1.2.1.0, 12.2.0.2.0 and 12.3.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate. CVSS 3.0 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle GoldenGate. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.tenable.com/security/research/tra-2018-31",
"refsource" : "MISC",
"url" : "https://www.tenable.com/security/research/tra-2018-31"
"name": "105651",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105651"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105651",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105651"
"name": "https://www.tenable.com/security/research/tra-2018-31",
"refsource": "MISC",
"url": "https://www.tenable.com/security/research/tra-2018-31"
}
]
}

126
2018/3xxx/CVE-2018-3058.json
View File

@ -1,115 +1,115 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3058",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3058",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "MySQL Server",
"version" : {
"version_data" : [
"product_name": "MySQL Server",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "5.5.60 and prior"
"version_affected": "=",
"version_value": "5.5.60 and prior"
},
{
"version_affected" : "=",
"version_value" : "5.6.40 and prior"
"version_affected": "=",
"version_value": "5.6.40 and prior"
},
{
"version_affected" : "=",
"version_value" : "5.7.22 and prior"
"version_affected": "=",
"version_value": "5.7.22 and prior"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.60 and prior, 5.6.40 and prior and 5.7.22 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.0 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html"
"name": "DSA-4341",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4341"
},
{
"name" : "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "USN-3725-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3725-1/"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180726-0002/"
"name": "1041294",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041294"
},
{
"name" : "DSA-4341",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4341"
"name": "RHSA-2018:3655",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3655"
},
{
"name" : "RHSA-2018:3655",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:3655"
"name": "[debian-lts-announce] 20181105 [SECURITY] [DLA 1566-1] mysql-5.5 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00004.html"
},
{
"name" : "USN-3725-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3725-1/"
"name": "USN-3725-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3725-2/"
},
{
"name" : "USN-3725-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3725-2/"
"name": "https://security.netapp.com/advisory/ntap-20180726-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180726-0002/"
},
{
"name" : "104766",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104766"
"name": "[debian-lts-announce] 20180831 [SECURITY] [DLA 1488-1] mariadb-10.0 security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00036.html"
},
{
"name" : "1041294",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041294"
"name": "104766",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104766"
}
]
}

80
2018/3xxx/CVE-2018-3109.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3109",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3109",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Fusion Middleware MapViewer",
"version" : {
"version_data" : [
"product_name": "Fusion Middleware MapViewer",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "12.2.1.2"
"version_affected": "=",
"version_value": "12.2.1.2"
},
{
"version_affected" : "=",
"version_value" : "12.2.1.3"
"version_affected": "=",
"version_value": "12.2.1.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
"lang": "eng",
"value": "Vulnerability in the Oracle Fusion Middleware MapViewer component of Oracle Fusion Middleware (subcomponent: Map Builder). Supported versions that are affected are 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Fusion Middleware MapViewer accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104771",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104771"
"name": "104771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104771"
},
{
"name" : "1041310",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041310"
"name": "1041310",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041310"
}
]
}

22
2018/3xxx/CVE-2018-3320.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-3320",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-3320",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2018/3xxx/CVE-2018-3661.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@intel.com",
"DATE_PUBLIC" : "2018-05-15T00:00:00",
"ID" : "CVE-2018-3661",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@intel.com",
"DATE_PUBLIC": "2018-05-15T00:00:00",
"ID": "CVE-2018-3661",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "System Configuration Utilities",
"version" : {
"version_data" : [
"product_name": "System Configuration Utilities",
"version": {
"version_data": [
{
"version_value" : "before version 14 build 11"
"version_value": "before version 14 build 11"
}
]
}
}
]
},
"vendor_name" : "Intel Corporation"
"vendor_name": "Intel Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service."
"lang": "eng",
"value": "Buffer overflow in Intel system Configuration utilities selview.exe and syscfg.exe before version 14 build 11 allows a local user to crash these services potentially resulting in a denial of service."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Denial of Service"
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00134.html",
"refsource" : "CONFIRM",
"url" : "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00134.html"
"name": "104247",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104247"
},
{
"name" : "104247",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104247"
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00134.html",
"refsource": "CONFIRM",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00134.html"
}
]
}

70
2018/3xxx/CVE-2018-3852.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-06-05T00:00:00",
"ID" : "CVE-2018-3852",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-06-05T00:00:00",
"ID": "CVE-2018-3852",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Ocularis",
"version" : {
"version_data" : [
"product_name": "Ocularis",
"version": {
"version_data": [
{
"version_value" : "Ocularis Recorder 5.5.0.242"
"version_value": "Ocularis Recorder 5.5.0.242"
}
]
}
}
]
},
"vendor_name" : "Talos"
"vendor_name": "Talos"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability."
"lang": "eng",
"value": "An exploitable denial of service vulnerability exists in the Ocularis Recorder functionality of Ocularis 5.5.0.242. A specially crafted TCP packet can cause a process to terminate resulting in denial of service. An attacker can send a crafted TCP packet to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "denial of service"
"lang": "eng",
"value": "denial of service"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0535",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0535"
"name": "104387",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104387"
},
{
"name" : "104387",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104387"
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0535",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0535"
}
]
}

92
2018/6xxx/CVE-2018-6882.json
View File

@ -1,86 +1,86 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6882",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6882",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the ZmMailMsgView.getAttachmentLinkHtml function in Zimbra Collaboration Suite (ZCS) before 8.7 Patch 1 and 8.8.x before 8.8.7 might allow remote attackers to inject arbitrary web script or HTML via a Content-Location header in an email attachment."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/541891/100/0/threaded"
"name": "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Mar/52"
},
{
"name" : "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/Mar/52"
"name": "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html",
"refsource": "MISC",
"url": "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html"
},
{
"name" : "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html",
"refsource" : "MISC",
"url" : "https://www.securify.nl/advisory/SFY20180101/cross-site-scripting-vulnerability-in-zimbra-collaboration-suite-due-to-the-way-it-handles-attachment-links.html"
"name": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7"
},
{
"name" : "https://bugzilla.zimbra.com/show_bug.cgi?id=108786",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.zimbra.com/show_bug.cgi?id=108786"
"name": "https://bugzilla.zimbra.com/show_bug.cgi?id=108786",
"refsource": "CONFIRM",
"url": "https://bugzilla.zimbra.com/show_bug.cgi?id=108786"
},
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.7"
"name": "20180324 Cross-Site Scripting vulnerability in Zimbra Collaboration Suite due to the way it handles attachment links",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/541891/100/0/threaded"
},
{
"name" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource" : "CONFIRM",
"url" : "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
"name": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"refsource": "CONFIRM",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
]
}

62
2018/6xxx/CVE-2018-6930.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-6930",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-6930",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file."
"lang": "eng",
"value": "A stack-based buffer over-read in the ComputeResizeImage function in the MagickCore/accelerate.c file of ImageMagick 7.0.7-22 allows a remote attacker to cause a denial of service (application crash) via a maliciously crafted pict file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/ImageMagick/ImageMagick/issues/967",
"refsource" : "MISC",
"url" : "https://github.com/ImageMagick/ImageMagick/issues/967"
"name": "https://github.com/ImageMagick/ImageMagick/issues/967",
"refsource": "MISC",
"url": "https://github.com/ImageMagick/ImageMagick/issues/967"
}
]
}

110
2018/8xxx/CVE-2018-8212.json
View File

@ -1,121 +1,121 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8212",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8212",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value" : "(Server Core installation)"
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value" : "32-bit Systems"
"version_value": "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value" : "version 1709 (Server Core Installation)"
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
"vendor_name": "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221."
"lang": "eng",
"value": "A security feature bypass vulnerability exists in Device Guard that could allow an attacker to inject malicious code into a Windows PowerShell session, aka \"Device Guard Code Integrity Policy Security Feature Bypass Vulnerability.\" This affects Windows Server 2016, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8201, CVE-2018-8211, CVE-2018-8215, CVE-2018-8216, CVE-2018-8217, CVE-2018-8221."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8212",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8212"
"name": "1041098",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041098"
},
{
"name" : "104328",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104328"
"name": "104328",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104328"
},
{
"name" : "1041098",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041098"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8212",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8212"
}
]
}

94
2018/8xxx/CVE-2018-8541.json
View File

@ -1,99 +1,99 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8541",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8541",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for ARM64-based Systems"
"version_value": "Windows 10 Version 1803 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for 32-bit Systems"
"version_value": "Windows 10 Version 1809 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1809 for ARM64-based Systems"
"version_value": "Windows 10 Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Windows 10 Version 1809 for x64-based Systems"
"version_value": "Windows 10 Version 1809 for x64-based Systems"
},
{
"version_value" : "Windows Server 2019"
"version_value": "Windows Server 2019"
}
]
}
},
{
"product_name" : "ChakraCore",
"version" : {
"version_data" : [
"product_name": "ChakraCore",
"version": {
"version_data": [
{
"version_value" : "ChakraCore"
"version_value": "ChakraCore"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
"vendor_name": "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588."
"lang": "eng",
"value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8542, CVE-2018-8543, CVE-2018-8551, CVE-2018-8555, CVE-2018-8556, CVE-2018-8557, CVE-2018-8588."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Remote Code Execution"
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8541",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8541"
"name": "105771",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105771"
},
{
"name" : "105771",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105771"
"name": "1042107",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042107"
},
{
"name" : "1042107",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042107"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8541",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8541"
}
]
}