admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 06:59:23 +00:00
parent ef51668331
commit 896f830dc7
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
47 changed files with 3822 additions and 3822 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

98
2005/0xxx/CVE-2005-0179.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0179",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0179",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call."
"lang": "eng",
"value": "Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html"
"name": "oval:org.mitre.oval:def:9890",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9890"
},
{
"name" : "CLA-2005:930",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930"
"name": "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html"
},
{
"name" : "RHSA-2005:092",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-092.html"
"name": "RHSA-2005:092",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-092.html"
},
{
"name" : "RHSA-2005:663",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-663.html"
"name": "17002",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17002"
},
{
"name" : "oval:org.mitre.oval:def:9890",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9890"
"name": "CLA-2005:930",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930"
},
{
"name" : "ADV-2005-1878",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/1878"
"name": "RHSA-2005:663",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-663.html"
},
{
"name" : "17002",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17002"
"name": "ADV-2005-1878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1878"
}
]
}

74
2005/1xxx/CVE-2005-1081.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1081",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1081",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20050409 AzDGDatingPlatinum multiple vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/395530"
"name": "20050409 AzDGDatingPlatinum multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/395530"
},
{
"name" : "13082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13082"
"name": "13082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13082"
},
{
"name" : "azdgdating-platinum-viewphp-xss(20052)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/20052"
"name": "azdgdating-platinum-viewphp-xss(20052)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20052"
}
]
}

62
2005/1xxx/CVE-2005-1720.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1720",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1720",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL."
"lang": "eng",
"value": "AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "APPLE-SA-2005-06-08",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html"
"name": "APPLE-SA-2005-06-08",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Jun/msg00000.html"
}
]
}

68
2005/1xxx/CVE-2005-1967.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1967",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1967",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4) idccr parameter to OptionFieldsEdit.asp."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://echo.or.id/adv/adv16-theday-2005.txt",
"refsource" : "MISC",
"url" : "http://echo.or.id/adv/adv16-theday-2005.txt"
"name": "1014129",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014129"
},
{
"name" : "1014129",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1014129"
"name": "http://echo.or.id/adv/adv16-theday-2005.txt",
"refsource": "MISC",
"url": "http://echo.or.id/adv/adv16-theday-2005.txt"
}
]
}

122
2005/1xxx/CVE-2005-1985.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1985",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2005-1985",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an \"unchecked buffer\" when processing certain crafted network messages."
"lang": "eng",
"value": "The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an \"unchecked buffer\" when processing certain crafted network messages."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS05-046",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046"
"name": "oval:org.mitre.oval:def:910",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910"
},
{
"name" : "15066",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15066"
"name": "oval:org.mitre.oval:def:1544",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544"
},
{
"name" : "19922",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/19922"
"name": "oval:org.mitre.oval:def:1106",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106"
},
{
"name" : "oval:org.mitre.oval:def:1106",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1106"
"name": "MS05-046",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-046"
},
{
"name" : "oval:org.mitre.oval:def:1210",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210"
"name": "17165",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17165"
},
{
"name" : "oval:org.mitre.oval:def:1536",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536"
"name": "19922",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19922"
},
{
"name" : "oval:org.mitre.oval:def:1544",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1544"
"name": "oval:org.mitre.oval:def:1210",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1210"
},
{
"name" : "oval:org.mitre.oval:def:910",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A910"
"name": "15066",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15066"
},
{
"name" : "1015041",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015041"
"name": "win-csnw-bo(21700)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21700"
},
{
"name" : "17165",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17165"
"name": "oval:org.mitre.oval:def:1536",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1536"
},
{
"name" : "win-csnw-bo(21700)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21700"
"name": "1015041",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015041"
}
]
}

128
2005/3xxx/CVE-2005-3116.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3116",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3116",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet."
"lang": "eng",
"value": "Stack-based buffer overflow in a shared library as used by the Volume Manager daemon (vmd) in VERITAS NetBackup Enterprise Server 5.0 MP1 to MP5 and 5.1 up to MP3A allows remote attackers to execute arbitrary code via a crafted packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20051110 Stack Overflow in Veritas Netbackup Enterprise Server",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities"
"name": "VU#574662",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/574662"
},
{
"name" : "20060115 Veritas NetBackup \"Volume Manager Daemon\" Module Stack Overflow - Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422066/100/0/threaded"
"name": "20674",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20674"
},
{
"name" : "20060117 Re: Veritas NetBackup \"Volume Manager Daemon\" Module Stack Overflow - Exploit",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/422157/100/0/threaded"
"name": "20060115 Veritas NetBackup \"Volume Manager Daemon\" Module Stack Overflow - Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422066/100/0/threaded"
},
{
"name" : "http://seer.support.veritas.com/docs/279553.htm",
"refsource" : "CONFIRM",
"url" : "http://seer.support.veritas.com/docs/279553.htm"
"name": "15353",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15353"
},
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html"
"name": "20051110 Stack Overflow in Veritas Netbackup Enterprise Server",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=336&type=vulnerabilities"
},
{
"name" : "VU#574662",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/574662"
"name": "1015170",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015170"
},
{
"name" : "15353",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15353"
"name": "17503",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17503"
},
{
"name" : "ADV-2005-2349",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2349"
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.11.08b.html"
},
{
"name" : "20674",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20674"
"name": "20060117 Re: Veritas NetBackup \"Volume Manager Daemon\" Module Stack Overflow - Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422157/100/0/threaded"
},
{
"name" : "1015170",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015170"
"name": "netbackup-vmd-bo(22985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22985"
},
{
"name" : "17503",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17503"
"name": "ADV-2005-2349",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2349"
},
{
"name" : "netbackup-vmd-bo(22985)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22985"
"name": "http://seer.support.veritas.com/docs/279553.htm",
"refsource": "CONFIRM",
"url": "http://seer.support.veritas.com/docs/279553.htm"
}
]
}

68
2005/3xxx/CVE-2005-3687.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3687",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3687",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter."
"lang": "eng",
"value": "cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote attackers to cancel requests for arbitrary accounts via a modified c parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "15483",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15483"
"name": "17630",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17630"
},
{
"name" : "17630",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17630"
"name": "15483",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15483"
}
]
}

86
2005/3xxx/CVE-2005-3988.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3988",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3988",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
"lang": "eng",
"value": "SQL injection vulnerability in article.php in Pineapple Technologies Lore 1.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://pridels0.blogspot.com/2005/12/lore-sql-inj-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/lore-sql-inj-vuln.html"
"name": "17842",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17842"
},
{
"name" : "15665",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15665"
"name": "http://pridels0.blogspot.com/2005/12/lore-sql-inj-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/lore-sql-inj-vuln.html"
},
{
"name" : "ADV-2005-2682",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2682"
"name": "21328",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21328"
},
{
"name" : "21328",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21328"
"name": "15665",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15665"
},
{
"name" : "17842",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17842"
"name": "ADV-2005-2682",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2682"
}
]
}

236
2005/4xxx/CVE-2005-4048.json
View File

@ -1,206 +1,206 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4048",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4048",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes."
"lang": "eng",
"value": "Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558",
"refsource" : "MISC",
"url" : "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558"
"name": "DSA-992",
"refsource": "DEBIAN",
"url": "http://www.us.debian.org/security/2006/dsa-992"
},
{
"name" : "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg",
"refsource" : "CONFIRM",
"url" : "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg"
"name": "GLSA-200602-01",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml"
},
{
"name" : "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg",
"refsource" : "CONFIRM",
"url" : "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg"
"name": "MDKSA-2005:229",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:229"
},
{
"name" : "http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup",
"refsource" : "CONFIRM",
"url" : "http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup"
"name": "MDKSA-2005:232",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:232"
},
{
"name" : "DSA-992",
"refsource" : "DEBIAN",
"url" : "http://www.us.debian.org/security/2006/dsa-992"
"name": "19272",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19272"
},
{
"name" : "DSA-1004",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1004"
"name": "USN-230-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/230-1/"
},
{
"name" : "DSA-1005",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2006/dsa-1005"
"name": "DSA-1005",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1005"
},
{
"name" : "GLSA-200602-01",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200602-01.xml"
"name": "19114",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19114"
},
{
"name" : "GLSA-200603-03",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml"
"name": "GLSA-200601-06",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml"
},
{
"name" : "GLSA-200601-06",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200601-06.xml"
"name": "18087",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18087"
},
{
"name" : "MDKSA-2005:228",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:228"
"name": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg",
"refsource": "CONFIRM",
"url": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c?rev=1.162&content-type=text/x-cvsweb-markup&cvsroot=FFMpeg"
},
{
"name" : "MDKSA-2005:229",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:229"
"name": "http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup",
"refsource": "CONFIRM",
"url": "http://cvs.freedesktop.org/gstreamer/gst-ffmpeg/ChangeLog?rev=1.239&view=markup"
},
{
"name" : "MDKSA-2005:230",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:230"
"name": "18400",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18400"
},
{
"name" : "MDKSA-2005:231",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:231"
"name": "MDKSA-2005:230",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:230"
},
{
"name" : "MDKSA-2005:232",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:232"
"name": "GLSA-200603-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-03.xml"
},
{
"name" : "USN-230-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/230-1/"
"name": "17892",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17892"
},
{
"name" : "USN-230-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/230-2/"
"name": "18746",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18746"
},
{
"name" : "15743",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15743"
"name": "MDKSA-2005:228",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:228"
},
{
"name" : "ADV-2005-2770",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2770"
"name": "19192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19192"
},
{
"name" : "17892",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17892"
"name": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558",
"refsource": "MISC",
"url": "http://article.gmane.org/gmane.comp.video.ffmpeg.devel/26558"
},
{
"name" : "18066",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18066"
"name": "USN-230-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/230-2/"
},
{
"name" : "18107",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18107"
"name": "MDKSA-2005:231",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:231"
},
{
"name" : "18087",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18087"
"name": "ADV-2005-2770",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2770"
},
{
"name" : "18739",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18739"
"name": "DSA-1004",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1004"
},
{
"name" : "18746",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18746"
"name": "18739",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18739"
},
{
"name" : "19114",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19114"
"name": "18107",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18107"
},
{
"name" : "19192",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19192"
"name": "19279",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19279"
},
{
"name" : "19272",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19272"
"name": "15743",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15743"
},
{
"name" : "19279",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/19279"
"name": "18066",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18066"
},
{
"name" : "18400",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18400"
"name": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg",
"refsource": "CONFIRM",
"url": "http://www1.mplayerhq.hu/cgi-bin/cvsweb.cgi/ffmpeg/libavcodec/utils.c.diff?r1=1.161&r2=1.162&cvsroot=FFMpeg"
}
]
}

98
2005/4xxx/CVE-2005-4294.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4294",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4294",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the username in the login page."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20051215 [scip_Advisory 1910] Alkacon OpenCms 6.0.2 login Cross Site Scripting",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0640.html"
"name": "18046",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18046"
},
{
"name" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910",
"refsource" : "MISC",
"url" : "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910"
"name": "ADV-2005-2923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2923"
},
{
"name" : "http://www.opencms.org/opencms/en/download/opencms.html",
"refsource" : "CONFIRM",
"url" : "http://www.opencms.org/opencms/en/download/opencms.html"
"name": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910",
"refsource": "MISC",
"url": "http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=1910"
},
{
"name" : "15882",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15882"
"name": "15882",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15882"
},
{
"name" : "ADV-2005-2923",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2923"
"name": "http://www.opencms.org/opencms/en/download/opencms.html",
"refsource": "CONFIRM",
"url": "http://www.opencms.org/opencms/en/download/opencms.html"
},
{
"name" : "1015365",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1015365"
"name": "20051215 [scip_Advisory 1910] Alkacon OpenCms 6.0.2 login Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0640.html"
},
{
"name" : "18046",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18046"
"name": "1015365",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015365"
}
]
}

74
2005/4xxx/CVE-2005-4613.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4613",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4613",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit profile."
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit profile."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html"
"name": "vubb-usereditprofile-xss(24353)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24353"
},
{
"name" : "21332",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21332"
"name": "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html"
},
{
"name" : "vubb-usereditprofile-xss(24353)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/24353"
"name": "21332",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21332"
}
]
}

116
2009/0xxx/CVE-2009-0002.json
View File

@ -1,106 +1,106 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0002",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0002",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms."
"lang": "eng",
"value": "Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20090121 ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2009-01/0210.html"
"name": "33384",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33384"
},
{
"name" : "http://www.zerodayinitiative.com/advisories/ZDI-09-005/",
"refsource" : "MISC",
"url" : "http://www.zerodayinitiative.com/advisories/ZDI-09-005/"
"name": "TA09-022A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-022A.html"
},
{
"name" : "http://support.apple.com/kb/HT3403",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3403"
"name": "20090121 ZDI-09-005: Apple QuickTime VR Track Header Atom Heap Corruption Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2009-01/0210.html"
},
{
"name" : "APPLE-SA-2009-01-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html"
"name": "APPLE-SA-2009-01-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Jan/msg00000.html"
},
{
"name" : "TA09-022A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-022A.html"
"name": "ADV-2009-0212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0212"
},
{
"name" : "33384",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33384"
"name": "51525",
"refsource": "OSVDB",
"url": "http://osvdb.org/51525"
},
{
"name" : "oval:org.mitre.oval:def:5646",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5646"
"name": "http://support.apple.com/kb/HT3403",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3403"
},
{
"name" : "ADV-2009-0212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0212"
"name": "33632",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33632"
},
{
"name" : "51525",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/51525"
"name": "oval:org.mitre.oval:def:5646",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5646"
},
{
"name" : "33632",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33632"
"name": "http://www.zerodayinitiative.com/advisories/ZDI-09-005/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-09-005/"
}
]
}

80
2009/0xxx/CVE-2009-0321.json
View File

@ -1,76 +1,76 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0321",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0321",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence."
"lang": "eng",
"value": "Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html",
"refsource" : "MISC",
"url" : "http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html"
"name": "oval:org.mitre.oval:def:6091",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6091"
},
{
"name" : "33481",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33481"
"name": "http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html",
"refsource": "MISC",
"url": "http://lostmon.blogspot.com/2009/01/safari-for-windows-321-remote-http-uri.html"
},
{
"name" : "oval:org.mitre.oval:def:6091",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6091"
"name": "safari-httpuri-dos(48284)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48284"
},
{
"name" : "safari-httpuri-dos(48284)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48284"
"name": "33481",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33481"
}
]
}

86
2009/1xxx/CVE-2009-1140.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1140",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1140",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Cross-Domain Information Disclosure Vulnerability.\""
"lang": "eng",
"value": "Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka \"Cross-Domain Information Disclosure Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "MS09-019",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019"
"name": "ADV-2009-1538",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1538"
},
{
"name" : "TA09-160A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
"name": "MS09-019",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-019"
},
{
"name" : "oval:org.mitre.oval:def:6278",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6278"
"name": "oval:org.mitre.oval:def:6278",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6278"
},
{
"name" : "1022350",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1022350"
"name": "TA09-160A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-160A.html"
},
{
"name" : "ADV-2009-1538",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1538"
"name": "1022350",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022350"
}
]
}

104
2009/1xxx/CVE-2009-1196.json
View File

@ -1,96 +1,96 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1196",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1196",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a \"pointer use-after-delete flaw.\""
"lang": "eng",
"value": "The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a \"pointer use-after-delete flaw.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=497135",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=497135"
"name": "35340",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35340"
},
{
"name" : "RHSA-2009:1083",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-1083.html"
"name": "ADV-2009-1488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1488"
},
{
"name" : "35194",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35194"
"name": "cups-directory-services-dos(50944)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50944"
},
{
"name" : "oval:org.mitre.oval:def:11217",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11217"
"name": "1022327",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022327"
},
{
"name" : "1022327",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022327"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=497135",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=497135"
},
{
"name" : "35340",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35340"
"name": "35194",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35194"
},
{
"name" : "ADV-2009-1488",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1488"
"name": "oval:org.mitre.oval:def:11217",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11217"
},
{
"name" : "cups-directory-services-dos(50944)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50944"
"name": "RHSA-2009:1083",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-1083.html"
}
]
}

74
2009/1xxx/CVE-2009-1275.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1275",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1275",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags."
"lang": "eng",
"value": "Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to the (1) tiles:putAttribute and (2) tiles:insertTemplate JSP tags."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913"
"name": "https://issues.apache.org/struts/browse/TILES-351",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/struts/browse/TILES-351"
},
{
"name" : "https://issues.apache.org/struts/browse/TILES-351",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/struts/browse/TILES-351"
"name": "34657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34657"
},
{
"name" : "34657",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34657"
"name": "http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913"
}
]
}

98
2009/1xxx/CVE-2009-1716.json
View File

@ -1,91 +1,91 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1716",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1716",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files."
"lang": "eng",
"value": "CFNetwork in Apple Safari before 4.0 on Windows does not properly protect the temporary files created for downloads, which allows local users to obtain sensitive information by reading these files."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://support.apple.com/kb/HT3613",
"refsource" : "CONFIRM",
"url" : "http://support.apple.com/kb/HT3613"
"name": "APPLE-SA-2009-06-08-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
},
{
"name" : "APPLE-SA-2009-06-08-1",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
"name": "35260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35260"
},
{
"name" : "35260",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35260"
"name": "ADV-2009-1522",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1522"
},
{
"name" : "35347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35347"
"name": "35379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35379"
},
{
"name" : "1022342",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1022342"
"name": "http://support.apple.com/kb/HT3613",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3613"
},
{
"name" : "35379",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35379"
"name": "1022342",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1022342"
},
{
"name" : "ADV-2009-1522",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1522"
"name": "35347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35347"
}
]
}

74
2009/3xxx/CVE-2009-3367.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3367",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3367",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in An image gallery 1.0 allow remote attackers to inject arbitrary web script or HTML via the path parameter to (1) index.php and (2) main.php, and the (3) show parameter to main.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "57944",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/57944"
"name": "57945",
"refsource": "OSVDB",
"url": "http://osvdb.org/57945"
},
{
"name" : "57945",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/57945"
"name": "57944",
"refsource": "OSVDB",
"url": "http://osvdb.org/57944"
},
{
"name" : "36680",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36680"
"name": "36680",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36680"
}
]
}

74
2009/4xxx/CVE-2009-4960.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4960",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4960",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter."
"lang": "eng",
"value": "Directory traversal vulnerability in modules/backup/download.php in Lanai Core 0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "9490",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9490"
"name": "9490",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9490"
},
{
"name" : "ADV-2009-2402",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2402"
"name": "ADV-2009-2402",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2402"
},
{
"name" : "lanaicore-download-directory-traversal(52718)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/52718"
"name": "lanaicore-download-directory-traversal(52718)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52718"
}
]
}

86
2012/2xxx/CVE-2012-2290.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2290",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"ID": "CVE-2012-2290",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel."
"lang": "eng",
"value": "The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20121010 ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-10/0068.html"
"name": "50957",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/50957"
},
{
"name" : "55883",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55883"
"name": "86158",
"refsource": "OSVDB",
"url": "http://osvdb.org/86158"
},
{
"name" : "86158",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/86158"
"name": "55883",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55883"
},
{
"name" : "1027647",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027647"
"name": "1027647",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027647"
},
{
"name" : "50957",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/50957"
"name": "20121010 ESA-2012-025: EMC NetWorker Module for Microsoft Applications (NMM) Multiple Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-10/0068.html"
}
]
}

74
2012/2xxx/CVE-2012-2437.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2437",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2437",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter."
"lang": "eng",
"value": "cookie_gen.php in ar web content manager (AWCM) 2.2 does not require authentication, which allows remote attackers to generate arbitrary cookies via the name parameter in conjunction with the content parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20121108 Vulnerability Report on AWCM 2.2",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html"
"name": "awcm-cookie-sec-bypass(79926)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79926"
},
{
"name" : "http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html"
"name": "http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/117975/AWCM-2.2-Access-Bypass.html"
},
{
"name" : "awcm-cookie-sec-bypass(79926)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79926"
"name": "20121108 Vulnerability Report on AWCM 2.2",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0039.html"
}
]
}

74
2012/2xxx/CVE-2012-2828.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2828",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2012-2828",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document."
"lang": "eng",
"value": "Multiple integer overflows in the PDF functionality in Google Chrome before 20.0.1132.43 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted document."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://code.google.com/p/chromium/issues/detail?id=129857",
"refsource" : "CONFIRM",
"url" : "http://code.google.com/p/chromium/issues/detail?id=129857"
"name": "oval:org.mitre.oval:def:15287",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15287"
},
{
"name" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
"name": "http://code.google.com/p/chromium/issues/detail?id=129857",
"refsource": "CONFIRM",
"url": "http://code.google.com/p/chromium/issues/detail?id=129857"
},
{
"name" : "oval:org.mitre.oval:def:15287",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15287"
"name": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2012/06/stable-channel-update_26.html"
}
]
}

110
2012/2xxx/CVE-2012-2937.json
View File

@ -1,101 +1,101 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2937",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2937",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module."
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) list parameter in a move action to admin/admin_index.php, (2) display parameter in a minimize action to admin/admin_index.php, (3) enabled[] parameter to admin/admin_users.php, or (4) msg_id to the module.php in the simple_messaging module."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://secunia.com/secunia_research/2012-19/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2012-19/"
"name": "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461",
"refsource": "CONFIRM",
"url": "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461"
},
{
"name" : "http://forums.pligg.com/downloads.php?do=file&id=15",
"refsource" : "CONFIRM",
"url" : "http://forums.pligg.com/downloads.php?do=file&id=15"
"name": "pliggcms-multiple-sql-injection(75765)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75765"
},
{
"name" : "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461",
"refsource" : "CONFIRM",
"url" : "http://pligg.svn.sourceforge.net/viewvc/pligg?view=revision&revision=2461"
"name": "http://secunia.com/secunia_research/2012-19/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2012-19/"
},
{
"name" : "53625",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53625"
"name": "45431",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/45431"
},
{
"name" : "82048",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82048"
"name": "53625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53625"
},
{
"name" : "82049",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82049"
"name": "82050",
"refsource": "OSVDB",
"url": "http://osvdb.org/82050"
},
{
"name" : "82050",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/82050"
"name": "82048",
"refsource": "OSVDB",
"url": "http://osvdb.org/82048"
},
{
"name" : "45431",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/45431"
"name": "http://forums.pligg.com/downloads.php?do=file&id=15",
"refsource": "CONFIRM",
"url": "http://forums.pligg.com/downloads.php?do=file&id=15"
},
{
"name" : "pliggcms-multiple-sql-injection(75765)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/75765"
"name": "82049",
"refsource": "OSVDB",
"url": "http://osvdb.org/82049"
}
]
}

68
2012/6xxx/CVE-2012-6117.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6117",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-6117",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file."
"lang": "eng",
"value": "Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=875294",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=875294"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=875294",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=875294"
},
{
"name" : "RHSA-2013:0545",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-0545.html"
"name": "RHSA-2013:0545",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-0545.html"
}
]
}

22
2012/6xxx/CVE-2012-6292.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6292",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6292",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

122
2015/1xxx/CVE-2015-1303.json
View File

@ -1,111 +1,111 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1303",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@google.com",
"ID": "CVE-2015-1303",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element."
"lang": "eng",
"value": "bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html",
"refsource" : "CONFIRM",
"url" : "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html"
"name": "USN-2757-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2757-1"
},
{
"name" : "https://code.google.com/p/chromium/issues/detail?id=530301",
"refsource" : "CONFIRM",
"url" : "https://code.google.com/p/chromium/issues/detail?id=530301"
"name": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html",
"refsource": "CONFIRM",
"url": "http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html"
},
{
"name" : "https://codereview.chromium.org/1339023002",
"refsource" : "CONFIRM",
"url" : "https://codereview.chromium.org/1339023002"
"name": "RHSA-2015:1841",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1841.html"
},
{
"name" : "DSA-3376",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3376"
"name": "openSUSE-SU-2015:1719",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html"
},
{
"name" : "GLSA-201603-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201603-09"
"name": "DSA-3376",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3376"
},
{
"name" : "RHSA-2015:1841",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1841.html"
"name": "https://code.google.com/p/chromium/issues/detail?id=530301",
"refsource": "CONFIRM",
"url": "https://code.google.com/p/chromium/issues/detail?id=530301"
},
{
"name" : "openSUSE-SU-2015:1876",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html"
"name": "GLSA-201603-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201603-09"
},
{
"name" : "openSUSE-SU-2015:1719",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html"
"name": "openSUSE-SU-2015:1876",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html"
},
{
"name" : "USN-2757-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2757-1"
"name": "1033683",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033683"
},
{
"name" : "76844",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76844"
"name": "76844",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76844"
},
{
"name" : "1033683",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1033683"
"name": "https://codereview.chromium.org/1339023002",
"refsource": "CONFIRM",
"url": "https://codereview.chromium.org/1339023002"
}
]
}

22
2015/1xxx/CVE-2015-1413.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1413",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1413",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

86
2015/1xxx/CVE-2015-1438.json
View File

@ -1,81 +1,81 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1438",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1438",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers."
"lang": "eng",
"value": "Heap-based buffer overflow in Panda Security Kernel Memory Access Driver 1.0.0.13 allows attackers to execute arbitrary code with kernel privileges via a crafted size input for allocated kernel paged pool and allocated non-paged pool buffers."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20151231 CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jul/61"
"name": "http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html"
},
{
"name" : "20151231 CVE-2015-1438 - Panda Security Multiple Products Arbitrary Code Execution",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Jul/42"
"name": "75715",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75715"
},
{
"name" : "http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/132682/Panda-Security-1.0.0.13-Arbitrary-Code-Execution.html"
"name": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/",
"refsource": "MISC",
"url": "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/"
},
{
"name" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/",
"refsource" : "MISC",
"url" : "https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-1438/"
"name": "20151231 CVE-2015-1438 - Panda Security Multiple Products Arbitrary Code Execution",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/42"
},
{
"name" : "75715",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75715"
"name": "20151231 CVE-2015-1438 - Arbitrary Code Execution [PSKMAD.sys] In Panda Security - Multiple Products",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Jul/61"
}
]
}

128
2015/5xxx/CVE-2015-5143.json
View File

@ -1,116 +1,116 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5143",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5143",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys."
"lang": "eng",
"value": "The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/",
"refsource" : "CONFIRM",
"url" : "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/"
"name": "FEDORA-2015-1dd5bc998f",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"
},
{
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
"name": "GLSA-201510-06",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201510-06"
},
{
"name" : "DSA-3305",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3305"
"name": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/",
"refsource": "CONFIRM",
"url": "https://www.djangoproject.com/weblog/2015/jul/08/security-releases/"
},
{
"name" : "FEDORA-2015-1dd5bc998f",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172084.html"
"name": "openSUSE-SU-2015:1802",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html"
},
{
"name" : "GLSA-201510-06",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201510-06"
"name": "openSUSE-SU-2015:1813",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html"
},
{
"name" : "RHSA-2015:1678",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1678.html"
"name": "DSA-3305",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3305"
},
{
"name" : "RHSA-2015:1686",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-1686.html"
"name": "RHSA-2015:1678",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1678.html"
},
{
"name" : "openSUSE-SU-2015:1802",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00043.html"
"name": "75666",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75666"
},
{
"name" : "openSUSE-SU-2015:1813",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2015-10/msg00046.html"
"name": "RHSA-2015:1686",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-1686.html"
},
{
"name" : "USN-2671-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2671-1"
"name": "USN-2671-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2671-1"
},
{
"name" : "75666",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75666"
"name": "1032820",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032820"
},
{
"name" : "1032820",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032820"
"name": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html"
}
]
}

266
2015/5xxx/CVE-2015-5351.json
View File

@ -1,231 +1,231 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5351",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5351",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token."
"lang": "eng",
"value": "The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x before 7.0.68, 8.x before 8.0.31, and 9.x before 9.0.0.M2 establish sessions and send CSRF tokens for arbitrary new requests, which allows remote attackers to bypass a CSRF protection mechanism by using a token."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "20160222 [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak",
"refsource" : "BUGTRAQ",
"url" : "http://seclists.org/bugtraq/2016/Feb/148"
"name": "83330",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/83330"
},
{
"name" : "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html"
"name": "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135882/Apache-Tomcat-CSRF-Token-Leak.html"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1720652",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1720652"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1720655",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1720655"
"name": "GLSA-201705-09",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201705-09"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1720658",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1720658"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1720658",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1720658"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1720660",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1720660"
"name": "openSUSE-SU-2016:0865",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1720661",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1720661"
"name": "http://tomcat.apache.org/security-9.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-9.html"
},
{
"name" : "http://svn.apache.org/viewvc?view=revision&revision=1720663",
"refsource" : "CONFIRM",
"url" : "http://svn.apache.org/viewvc?view=revision&revision=1720663"
"name": "USN-3024-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-3024-1"
},
{
"name" : "http://tomcat.apache.org/security-7.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-7.html"
"name": "SUSE-SU-2016:0769",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"
},
{
"name" : "http://tomcat.apache.org/security-8.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-8.html"
"name": "DSA-3530",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3530"
},
{
"name" : "http://tomcat.apache.org/security-9.html",
"refsource" : "CONFIRM",
"url" : "http://tomcat.apache.org/security-9.html"
"name": "http://tomcat.apache.org/security-7.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-7.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
},
{
"name" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
"refsource" : "CONFIRM",
"url" : "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"
"name": "20160222 [SECURITY] CVE-2015-5351 Apache Tomcat CSRF token leak",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2016/Feb/148"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
"name": "RHSA-2016:1089",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
},
{
"name" : "https://bto.bluecoat.com/security-advisory/sa118",
"refsource" : "CONFIRM",
"url" : "https://bto.bluecoat.com/security-advisory/sa118"
"name": "http://tomcat.apache.org/security-8.html",
"refsource": "CONFIRM",
"url": "http://tomcat.apache.org/security-8.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
"name": "RHSA-2016:1087",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1087"
},
{
"name" : "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021",
"refsource" : "CONFIRM",
"url" : "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1720655",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1720655"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180531-0001/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180531-0001/"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
},
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "1035069",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035069"
},
{
"name" : "DSA-3530",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3530"
"name": "https://bto.bluecoat.com/security-advisory/sa118",
"refsource": "CONFIRM",
"url": "https://bto.bluecoat.com/security-advisory/sa118"
},
{
"name" : "DSA-3609",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3609"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150442"
},
{
"name" : "DSA-3552",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2016/dsa-3552"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1720663",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1720663"
},
{
"name" : "GLSA-201705-09",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201705-09"
"name": "RHSA-2016:2807",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
},
{
"name" : "RHSA-2016:1087",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1087"
"name": "RHSA-2016:1088",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2016:1088"
},
{
"name" : "RHSA-2016:1088",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2016:1088"
"name": "https://security.netapp.com/advisory/ntap-20180531-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180531-0001/"
},
{
"name" : "RHSA-2016:1089",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-1089.html"
"name": "RHSA-2016:2808",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
},
{
"name" : "RHSA-2016:2599",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1720661",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1720661"
},
{
"name" : "RHSA-2016:2807",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2807.html"
"name": "SUSE-SU-2016:0822",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"
},
{
"name" : "RHSA-2016:2808",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-2808.html"
"name": "RHSA-2016:2599",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2599.html"
},
{
"name" : "SUSE-SU-2016:0769",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00047.html"
"name": "DSA-3609",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3609"
},
{
"name" : "SUSE-SU-2016:0822",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00069.html"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1720652",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1720652"
},
{
"name" : "openSUSE-SU-2016:0865",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00085.html"
"name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626",
"refsource": "CONFIRM",
"url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05158626"
},
{
"name" : "USN-3024-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-3024-1"
"name": "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021",
"refsource": "CONFIRM",
"url": "https://softwaresupport.hpe.com/document/-/facetsearch/document/KM02978021"
},
{
"name" : "83330",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/83330"
"name": "DSA-3552",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3552"
},
{
"name" : "1035069",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035069"
"name": "http://svn.apache.org/viewvc?view=revision&revision=1720660",
"refsource": "CONFIRM",
"url": "http://svn.apache.org/viewvc?view=revision&revision=1720660"
}
]
}

68
2015/5xxx/CVE-2015-5403.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5403",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5403",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139."
"lang": "eng",
"value": "HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix Operating Environment before 7.5.0 and other products, allows remote authenticated users to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2015-2139."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04762744",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04762744"
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04762744",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04762744"
},
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019"
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04774019"
}
]
}

74
2015/5xxx/CVE-2015-5446.json
View File

@ -1,71 +1,71 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5446",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2015-5446",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors."
"lang": "eng",
"value": "HP StoreOnce Backup system software before 3.13.1 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589",
"refsource" : "CONFIRM",
"url" : "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589"
"name": "1034605",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034605"
},
{
"name" : "79392",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/79392"
"name": "79392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79392"
},
{
"name" : "1034605",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1034605"
"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589",
"refsource": "CONFIRM",
"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04858589"
}
]
}

22
2018/11xxx/CVE-2018-11038.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11038",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11038",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

68
2018/11xxx/CVE-2018-11102.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11102",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11102",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv."
"lang": "eng",
"value": "An issue was discovered in Libav 12.3. A read access violation in the mov_probe function in libavformat/mov.c allows remote attackers to cause a denial of service (application crash), as demonstrated by avconv."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://bugzilla.libav.org/show_bug.cgi?id=1128",
"refsource" : "MISC",
"url" : "https://bugzilla.libav.org/show_bug.cgi?id=1128"
"name": "https://docs.google.com/document/d/18xCwfxMSJiQ9ruQSVaO8-jlcobDjFiYXWOaw31V37xo/edit",
"refsource": "MISC",
"url": "https://docs.google.com/document/d/18xCwfxMSJiQ9ruQSVaO8-jlcobDjFiYXWOaw31V37xo/edit"
},
{
"name" : "https://docs.google.com/document/d/18xCwfxMSJiQ9ruQSVaO8-jlcobDjFiYXWOaw31V37xo/edit",
"refsource" : "MISC",
"url" : "https://docs.google.com/document/d/18xCwfxMSJiQ9ruQSVaO8-jlcobDjFiYXWOaw31V37xo/edit"
"name": "https://bugzilla.libav.org/show_bug.cgi?id=1128",
"refsource": "MISC",
"url": "https://bugzilla.libav.org/show_bug.cgi?id=1128"
}
]
}

22
2018/11xxx/CVE-2018-11613.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11613",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11613",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

62
2018/11xxx/CVE-2018-11634.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11634",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11634",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db."
"lang": "eng",
"value": "Plaintext Storage of Passwords in the administrative console in Dialogic PowerMedia XMS before 3.5 SU2 allows local users to access the web application's user passwords in cleartext by reading /var/www/xms/xmsdb/default.db."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://d3adend.org/blog/?p=1398",
"refsource" : "MISC",
"url" : "https://d3adend.org/blog/?p=1398"
"name": "https://d3adend.org/blog/?p=1398",
"refsource": "MISC",
"url": "https://d3adend.org/blog/?p=1398"
}
]
}

62
2018/15xxx/CVE-2018-15566.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15566",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15566",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter."
"lang": "eng",
"value": "tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/fmsdwifull/tp5cms/issues/2",
"refsource" : "MISC",
"url" : "https://github.com/fmsdwifull/tp5cms/issues/2"
"name": "https://github.com/fmsdwifull/tp5cms/issues/2",
"refsource": "MISC",
"url": "https://github.com/fmsdwifull/tp5cms/issues/2"
}
]
}

62
2018/15xxx/CVE-2018-15603.json
View File

@ -1,61 +1,61 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15603",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15603",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the \"Leave a Comment\" screen."
"lang": "eng",
"value": "An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the \"Leave a Comment\" screen."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://github.com/VictorAlagwu/CMSsite/issues/2",
"refsource" : "MISC",
"url" : "https://github.com/VictorAlagwu/CMSsite/issues/2"
"name": "https://github.com/VictorAlagwu/CMSsite/issues/2",
"refsource": "MISC",
"url": "https://github.com/VictorAlagwu/CMSsite/issues/2"
}
]
}

70
2018/3xxx/CVE-2018-3103.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3103",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3103",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Outside In Technology",
"version" : {
"version_data" : [
"product_name": "Outside In Technology",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "8.5.3"
"version_affected": "=",
"version_value": "8.5.3"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
"lang": "eng",
"value": "Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). The supported version that is affected is 8.5.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). The protocol and CVSS score depend on the software that uses the Outside In Technology code. The CVSS score assumes that the software passes data received over a network directly to Outside In Technology code, but if data is not received over a network the CVSS score may be lower. CVSS 3.0 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name" : "104762",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104762"
"name": "104762",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104762"
}
]
}

76
2018/3xxx/CVE-2018-3177.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secalert_us@oracle.com",
"ID" : "CVE-2018-3177",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2018-3177",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Hyperion Common Events",
"version" : {
"version_data" : [
"product_name": "Hyperion Common Events",
"version": {
"version_data": [
{
"version_affected" : "=",
"version_value" : "11.1.2.4"
"version_affected": "=",
"version_value": "11.1.2.4"
}
]
}
}
]
},
"vendor_name" : "Oracle Corporation"
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
"lang": "eng",
"value": "Vulnerability in the Hyperion Common Events component of Oracle Hyperion (subcomponent: User Interface). The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data."
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Hyperion Common Events. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Hyperion Common Events, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Hyperion Common Events accessible data as well as unauthorized read access to a subset of Hyperion Common Events accessible data."
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
"name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
},
{
"name" : "105642",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105642"
"name": "105642",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105642"
},
{
"name" : "1041898",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041898"
"name": "1041898",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041898"
}
]
}

64
2018/3xxx/CVE-2018-3856.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-07-26T00:00:00",
"ID" : "CVE-2018-3856",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-07-26T00:00:00",
"ID": "CVE-2018-3856",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Samsung",
"version" : {
"version_data" : [
"product_name": "Samsung",
"version": {
"version_data": [
{
"version_value" : "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
"version_value": "Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17"
}
]
}
}
]
},
"vendor_name" : "Samsung"
"vendor_name": "Samsung"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability."
"lang": "eng",
"value": "An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The device incorrectly handles spaces in the URL field, leading to an arbitrary operating system command injection. An attacker can send a series of HTTP requests to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Argument Injection or Modification"
"lang": "eng",
"value": "Argument Injection or Modification"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0539",
"refsource" : "MISC",
"url" : "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0539"
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0539",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0539"
}
]
}

68
2018/7xxx/CVE-2018-7218.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7218",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7218",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors."
"lang": "eng",
"value": "The AppFirewall functionality in Citrix NetScaler Application Delivery Controller and NetScaler Gateway 10.5 before Build 68.7, 11.0 before Build 71.24, 11.1 before Build 58.13, and 12.0 before Build 57.24 allows remote attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://support.citrix.com/article/CTX234869",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX234869"
"name": "https://support.citrix.com/article/CTX234869",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234869"
},
{
"name" : "1040921",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040921"
"name": "1040921",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040921"
}
]
}

22
2018/7xxx/CVE-2018-7346.json
View File

@ -1,17 +1,17 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7346",
"STATE" : "RESERVED"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7346",
"STATE": "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}

70
2018/8xxx/CVE-2018-8006.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"DATE_PUBLIC" : "2018-10-10T00:00:00",
"ID" : "CVE-2018-8006",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"DATE_PUBLIC": "2018-10-10T00:00:00",
"ID": "CVE-2018-8006",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Apache ActiveMQ",
"version" : {
"version_data" : [
"product_name": "Apache ActiveMQ",
"version": {
"version_data": [
{
"version_value" : "5.0.0 to 5.15.5"
"version_value": "5.0.0 to 5.15.5"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
"vendor_name": "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter."
"lang": "eng",
"value": "An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Cross-Site Scripting"
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt",
"refsource" : "CONFIRM",
"url" : "http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt"
"name": "http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt",
"refsource": "CONFIRM",
"url": "http://activemq.apache.org/security-advisories.data/CVE-2018-8006-announcement.txt"
},
{
"name" : "105156",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105156"
"name": "105156",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105156"
}
]
}

64
2018/8xxx/CVE-2018-8868.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-06-29T00:00:00",
"ID" : "CVE-2018-8868",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-06-29T00:00:00",
"ID": "CVE-2018-8868",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Medtronic MyCareLink Patient Monitor",
"version" : {
"version_data" : [
"product_name": "Medtronic MyCareLink Patient Monitor",
"version": {
"version_data": [
{
"version_value" : "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions."
"version_value": "24950 MyCareLink Monitor, all versions, 24952 MyCareLink Monitor, all versions."
}
]
}
}
]
},
"vendor_name" : "ICS-CERT"
"vendor_name": "ICS-CERT"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality."
"lang": "eng",
"value": "Medtronic MyCareLink Patient Monitor, 24950 MyCareLink Monitor, all versions, and 24952 MyCareLink Monitor, all versions, contains debug code meant to test the functionality of the monitor's communication interfaces, including the interface between the monitor and implantable cardiac device. An attacker with physical access to the device can apply the other vulnerabilities within this advisory to access this debug functionality. This debug functionality provides the ability to read and write arbitrary memory values to implantable cardiac devices via inductive or short range wireless protocols. An attacker with close physical proximity to a target implantable cardiac device can use this debug functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749"
"lang": "eng",
"value": "EXPOSED DANGEROUS METHOD OR FUNCTION CWE-749"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
"name": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSMA-18-179-01"
}
]
}

338
2018/8xxx/CVE-2018-8897.json
View File

@ -1,291 +1,291 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-8897",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-8897",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value" : "n/a"
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
"vendor_name": "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs."
"lang": "eng",
"value": "A statement in the System Programming Guide of the Intel 64 and IA-32 Architectures Software Developer's Manual (SDM) was mishandled in the development of some or all operating-system kernels, resulting in unexpected behavior for #DB exceptions that are deferred by MOV SS or POP SS, as demonstrated by (for example) privilege escalation in Windows, macOS, some Xen configurations, or FreeBSD, or a Linux kernel crash. The MOV to SS and POP SS instructions inhibit interrupts (including NMIs), data breakpoints, and single step trap exceptions until the instruction boundary following the next instruction (SDM Vol. 3A; section 6.8.3). (The inhibited data breakpoints are those on memory accessed by the MOV to SS or POP to SS instruction itself.) Note that debug exceptions are not inhibited by the interrupt enable (EFLAGS.IF) system flag (SDM Vol. 3A; section 2.3). If the instruction following the MOV to SS or POP to SS instruction is an instruction like SYSCALL, SYSENTER, INT 3, etc. that transfers control to the operating system at CPL < 3, the debug exception is delivered after the transfer to CPL < 3 is complete. OS kernels may not expect this order of events and may therefore experience unexpected behavior when it occurs."
}
]
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "n/a"
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "44697",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44697/"
"name": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"name" : "45024",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/45024/"
"name": "http://openwall.com/lists/oss-security/2018/05/08/4",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/05/08/4"
},
{
"name" : "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
"name": "1040849",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040849"
},
{
"name" : "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
"name": "104071",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104071"
},
{
"name" : "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
"name": "RHSA-2018:1350",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1350"
},
{
"name" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9",
"refsource" : "MISC",
"url" : "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
"name": "https://support.citrix.com/article/CTX234679",
"refsource": "CONFIRM",
"url": "https://support.citrix.com/article/CTX234679"
},
{
"name" : "http://openwall.com/lists/oss-security/2018/05/08/1",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2018/05/08/1"
"name": "RHSA-2018:1347",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1347"
},
{
"name" : "http://openwall.com/lists/oss-security/2018/05/08/4",
"refsource" : "MISC",
"url" : "http://openwall.com/lists/oss-security/2018/05/08/4"
"name": "44697",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44697/"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1567074",
"refsource" : "MISC",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1567074"
"name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1383-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00015.html"
},
{
"name" : "https://github.com/can1357/CVE-2018-8897/",
"refsource" : "MISC",
"url" : "https://github.com/can1357/CVE-2018-8897/"
"name": "1040866",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040866"
},
{
"name" : "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9",
"refsource" : "MISC",
"url" : "https://github.com/torvalds/linux/commit/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
"name": "[debian-lts-announce] 20181112 [SECURITY] [DLA 1577-1] xen security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00013.html"
},
{
"name" : "https://patchwork.kernel.org/patch/10386677/",
"refsource" : "MISC",
"url" : "https://patchwork.kernel.org/patch/10386677/"
"name": "[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html"
},
{
"name" : "https://support.apple.com/HT208742",
"refsource" : "MISC",
"url" : "https://support.apple.com/HT208742"
"name": "https://support.apple.com/HT208742",
"refsource": "MISC",
"url": "https://support.apple.com/HT208742"
},
{
"name" : "https://svnweb.freebsd.org/base?view=revision&revision=333368",
"refsource" : "MISC",
"url" : "https://svnweb.freebsd.org/base?view=revision&revision=333368"
"name": "RHSA-2018:1346",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1346"
},
{
"name" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc",
"refsource" : "MISC",
"url" : "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc"
"name": "RHSA-2018:1348",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1348"
},
{
"name" : "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html",
"refsource" : "MISC",
"url" : "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html"
"name": "RHSA-2018:1354",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1354"
},
{
"name" : "https://xenbits.xen.org/xsa/advisory-260.html",
"refsource" : "MISC",
"url" : "https://xenbits.xen.org/xsa/advisory-260.html"
"name": "https://svnweb.freebsd.org/base?view=revision&revision=333368",
"refsource": "MISC",
"url": "https://svnweb.freebsd.org/base?view=revision&revision=333368"
},
{
"name" : "https://support.citrix.com/article/CTX234679",
"refsource" : "CONFIRM",
"url" : "https://support.citrix.com/article/CTX234679"
"name": "DSA-4196",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4196"
},
{
"name" : "https://www.synology.com/support/security/Synology_SA_18_21",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/support/security/Synology_SA_18_21"
"name": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc",
"refsource": "MISC",
"url": "https://www.freebsd.org/security/advisories/FreeBSD-SA-18:06.debugreg.asc"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897"
"name": "1040744",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040744"
},
{
"name" : "https://security.netapp.com/advisory/ntap-20180927-0002/",
"refsource" : "CONFIRM",
"url" : "https://security.netapp.com/advisory/ntap-20180927-0002/"
"name": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html",
"refsource": "MISC",
"url": "https://www.triplefault.io/2018/05/spurious-db-exceptions-with-pop-ss.html"
},
{
"name" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource" : "CONFIRM",
"url" : "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
"name": "RHSA-2018:1351",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1351"
},
{
"name" : "DSA-4196",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4196"
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567074"
},
{
"name" : "DSA-4201",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4201"
"name": "https://xenbits.xen.org/xsa/advisory-260.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-260.html"
},
{
"name" : "RHSA-2018:1318",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1318"
"name": "RHSA-2018:1319",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1319"
},
{
"name" : "RHSA-2018:1319",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1319"
"name": "DSA-4201",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4201"
},
{
"name" : "RHSA-2018:1345",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1345"
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name" : "RHSA-2018:1346",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1346"
"name": "RHSA-2018:1355",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1355"
},
{
"name" : "RHSA-2018:1347",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1347"
"name": "https://security.netapp.com/advisory/ntap-20180927-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20180927-0002/"
},
{
"name" : "RHSA-2018:1348",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1348"
"name": "RHSA-2018:1345",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1345"
},
{
"name" : "RHSA-2018:1349",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1349"
"name": "45024",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45024/"
},
{
"name" : "RHSA-2018:1350",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1350"
"name": "RHSA-2018:1349",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1349"
},
{
"name" : "RHSA-2018:1351",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1351"
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8897"
},
{
"name" : "RHSA-2018:1352",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1352"
"name": "RHSA-2018:1352",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1352"
},
{
"name" : "RHSA-2018:1353",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1353"
"name": "RHSA-2018:1318",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1318"
},
{
"name" : "RHSA-2018:1354",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1354"
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9"
},
{
"name" : "RHSA-2018:1355",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1355"
"name": "https://patchwork.kernel.org/patch/10386677/",
"refsource": "MISC",
"url": "https://patchwork.kernel.org/patch/10386677/"
},
{
"name" : "RHSA-2018:1524",
"refsource" : "REDHAT",
"url" : "https://access.redhat.com/errata/RHSA-2018:1524"
"name": "VU#631579",
"refsource": "CERT-VN",
"url": "https://www.kb.cert.org/vuls/id/631579"
},
{
"name" : "USN-3641-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3641-2/"
"name": "https://github.com/can1357/CVE-2018-8897/",
"refsource": "MISC",
"url": "https://github.com/can1357/CVE-2018-8897/"
},
{
"name" : "USN-3641-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3641-1/"
"name": "RHSA-2018:1524",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1524"
},
{
"name" : "VU#631579",
"refsource" : "CERT-VN",
"url" : "https://www.kb.cert.org/vuls/id/631579"
"name": "http://openwall.com/lists/oss-security/2018/05/08/1",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2018/05/08/1"
},
{
"name" : "104071",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104071"
"name": "1040861",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040861"
},
{
"name" : "1040849",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040849"
"name": "RHSA-2018:1353",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:1353"
},
{
"name" : "1040744",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040744"
"name": "USN-3641-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3641-2/"
},
{
"name" : "1040861",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040861"
"name": "https://www.synology.com/support/security/Synology_SA_18_21",
"refsource": "CONFIRM",
"url": "https://www.synology.com/support/security/Synology_SA_18_21"
},
{
"name" : "1040866",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040866"
"name": "1040882",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040882"
},
{
"name" : "1040882",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040882"
"name": "USN-3641-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3641-1/"
}
]
}

98
2018/8xxx/CVE-2018-8926.json
View File

@ -1,83 +1,83 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@synology.com",
"DATE_PUBLIC" : "2018-06-08T00:00:00",
"ID" : "CVE-2018-8926",
"STATE" : "PUBLIC"
"CVE_data_meta": {
"ASSIGNER": "security@synology.com",
"DATE_PUBLIC": "2018-06-08T00:00:00",
"ID": "CVE-2018-8926",
"STATE": "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
"affects": {
"vendor": {
"vendor_data": [
{
"product" : {
"product_data" : [
"product": {
"product_data": [
{
"product_name" : "Photo Station",
"version" : {
"version_data" : [
"product_name": "Photo Station",
"version": {
"version_data": [
{
"affected" : "<",
"version_value" : "6.8.5-3471"
"affected": "<",
"version_value": "6.8.5-3471"
},
{
"affected" : "<",
"version_value" : "6.3-2975"
"affected": "<",
"version_value": "6.3-2975"
}
]
}
}
]
},
"vendor_name" : "Synology"
"vendor_name": "Synology"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang" : "eng",
"value" : "Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter."
"lang": "eng",
"value": "Permissive regular expression vulnerability in synophoto_dsm_user in Synology Photo Station before 6.8.5-3471 and before 6.3-2975 allows remote authenticated users to conduct privilege escalation attacks via the fullname parameter."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "LOW",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 8.8,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "LOW",
"scope" : "UNCHANGED",
"userInteraction" : "NONE",
"vectorString" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version" : "3.0"
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
"problemtype": {
"problemtype_data": [
{
"description" : [
"description": [
{
"lang" : "eng",
"value" : "Permissive Regular Expression (CWE-625)"
"lang": "eng",
"value": "Permissive Regular Expression (CWE-625)"
}
]
}
]
},
"references" : {
"reference_data" : [
"references": {
"reference_data": [
{
"name" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15",
"refsource" : "CONFIRM",
"url" : "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15"
"name": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15",
"refsource": "CONFIRM",
"url": "https://www.synology.com/zh-tw/support/security/Synology_SA_18_15"
}
]
}