admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-17 22:56:51 +00:00
parent 174e1daa10
commit 9160cf41f6
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
52 changed files with 3804 additions and 3804 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

180
2005/0xxx/CVE-2005-0005.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0005",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0005",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050117 Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability",
"refsource" : "IDEFENSE",
"url" : "http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities"
},
{
"name" : "DSA-646",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2005/dsa-646"
},
{
"name" : "GLSA-200501-37",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml"
},
{
"name" : "RHSA-2005:071",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-071.html"
},
{
"name" : "20050118 [USN-62-1] imagemagick vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110608222117215&w=2"
},
{
"name" : "RHSA-2005:070",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-070.html"
},
{
"name" : "oval:org.mitre.oval:def:9925",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:9925",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9925"
},
{
"name": "DSA-646",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-646"
},
{
"name": "GLSA-200501-37",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml"
},
{
"name": "20050118 [USN-62-1] imagemagick vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110608222117215&w=2"
},
{
"name": "20050117 Multiple Vendor ImageMagick .psd Image File Decode Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities"
},
{
"name": "RHSA-2005:071",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-071.html"
},
{
"name": "RHSA-2005:070",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-070.html"
}
]
}
}

200
2005/0xxx/CVE-2005-0180.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0180",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/386374"
},
{
"name" : "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html"
},
{
"name" : "CLA-2005:930",
"refsource" : "CONECTIVA",
"url" : "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930"
},
{
"name" : "MDKSA-2005:218",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218"
},
{
"name" : "MDKSA-2005:219",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"name" : "RHSA-2005:092",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2005-092.html"
},
{
"name" : "12198",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12198"
},
{
"name" : "oval:org.mitre.oval:def:10667",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10667"
},
{
"name" : "17826",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17826"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12198",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12198"
},
{
"name": "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html"
},
{
"name": "RHSA-2005:092",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-092.html"
},
{
"name": "MDKSA-2005:218",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:218"
},
{
"name": "17826",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17826"
},
{
"name": "CLA-2005:930",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930"
},
{
"name": "MDKSA-2005:219",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:219"
},
{
"name": "20050107 grsecurity 2.1.0 release / 5 Linux kernel advisories",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/386374"
},
{
"name": "oval:org.mitre.oval:def:10667",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10667"
}
]
}
}

130
2005/0xxx/CVE-2005-0367.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0367",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050209 [SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110796956011699&w=2"
},
{
"name" : "http://www.security.org.sg/vuln/argosoftmail1873.html",
"refsource" : "MISC",
"url" : "http://www.security.org.sg/vuln/argosoftmail1873.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple directory traversal vulnerabilities in ArGoSoft Mail Server 1.8.7.3 allow remote authenticated users to read, delete, or upload arbitrary files via a .. (dot dot) in (1) the filename of an e-mail attachment, (2) the _msgatt.rec file, (3) and the /msg, /delete, /folderadd, and /folderdelete operations for the Folder parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050209 [SIG^2 G-TEC] ArGoSoft Mail Server Webmail Multiple Directory Traversal Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110796956011699&w=2"
},
{
"name": "http://www.security.org.sg/vuln/argosoftmail1873.html",
"refsource": "MISC",
"url": "http://www.security.org.sg/vuln/argosoftmail1873.html"
}
]
}
}

150
2005/0xxx/CVE-2005-0514.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0514",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0514",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20041223 Cross-Site Scripting - an industry-wide problem",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html"
},
{
"name" : "http://www.mikx.de/index.php?p=6",
"refsource" : "MISC",
"url" : "http://www.mikx.de/index.php?p=6"
},
{
"name" : "VU#716144",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/716144"
},
{
"name" : "14367",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14367"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Verity Ultraseek before 5.3.3 allows remote attackers to inject arbitrary HTML and web script via search parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.mikx.de/index.php?p=6",
"refsource": "MISC",
"url": "http://www.mikx.de/index.php?p=6"
},
{
"name": "14367",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14367"
},
{
"name": "20041223 Cross-Site Scripting - an industry-wide problem",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030222.html"
},
{
"name": "VU#716144",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/716144"
}
]
}
}

210
2005/0xxx/CVE-2005-0862.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0862",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0862",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20070410 PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/465237/100/0/threaded"
},
{
"name" : "http://www.albanianhaxorz.org/advisory/phpopenchaten.txt",
"refsource" : "MISC",
"url" : "http://www.albanianhaxorz.org/advisory/phpopenchaten.txt"
},
{
"name" : "http://www.zone-h.org/advisories/read/id=7310",
"refsource" : "MISC",
"url" : "http://www.zone-h.org/advisories/read/id=7310"
},
{
"name" : "12817",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12817"
},
{
"name" : "14807",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/14807"
},
{
"name" : "14808",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/14808"
},
{
"name" : "14809",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/14809"
},
{
"name" : "1013434",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013434"
},
{
"name" : "14600",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14600"
},
{
"name" : "phpopenchat-file-include(19721)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19721"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "14809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14809"
},
{
"name": "http://www.albanianhaxorz.org/advisory/phpopenchaten.txt",
"refsource": "MISC",
"url": "http://www.albanianhaxorz.org/advisory/phpopenchaten.txt"
},
{
"name": "20070410 PhpOpenChat <= 3.0.1 (poc.php) Multiple Remote File Include Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/465237/100/0/threaded"
},
{
"name": "http://www.zone-h.org/advisories/read/id=7310",
"refsource": "MISC",
"url": "http://www.zone-h.org/advisories/read/id=7310"
},
{
"name": "14808",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14808"
},
{
"name": "1013434",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013434"
},
{
"name": "phpopenchat-file-include(19721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19721"
},
{
"name": "14807",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14807"
},
{
"name": "12817",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12817"
},
{
"name": "14600",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14600"
}
]
}
}

120
2005/1xxx/CVE-2005-1699.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1699",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x cXIb8O3.10",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111670586322172&w=2"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in pnadminapi.php in the Xanthia module in PostNuke 0.760-RC3 allows remote administrators to read arbitrary files via a .. (dot dot) in the skin parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050521 [SECURITYREASON.COM] PostNuke Non Critical SQL Injection and Include 0.760-RC3=>x cXIb8O3.10",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111670586322172&w=2"
}
]
}
}

210
2005/3xxx/CVE-2005-3202.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3202",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051007 Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=112870398418456&w=2"
},
{
"name" : "20051007 Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0173.html"
},
{
"name" : "http://www.red-database-security.com/advisory/oracle_htmldb_css.html",
"refsource" : "MISC",
"url" : "http://www.red-database-security.com/advisory/oracle_htmldb_css.html"
},
{
"name" : "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf",
"refsource" : "MISC",
"url" : "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
},
{
"name" : "15031",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15031"
},
{
"name" : "20051",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20051"
},
{
"name" : "20052",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/20052"
},
{
"name" : "14935",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14935/"
},
{
"name" : "62",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/62"
},
{
"name" : "oracle-htmldb-xss(22540)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/22540"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the (1) p or (2) p_t02 parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.red-database-security.com/advisory/oracle_htmldb_css.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_htmldb_css.html"
},
{
"name": "20052",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20052"
},
{
"name": "62",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/62"
},
{
"name": "14935",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14935/"
},
{
"name": "20051007 Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112870398418456&w=2"
},
{
"name": "oracle-htmldb-xss(22540)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22540"
},
{
"name": "20051",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20051"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf",
"refsource": "MISC",
"url": "http://www.oracle.com/technology/deploy/security/pdf/cpuapr2005.pdf"
},
{
"name": "20051007 Cross-Site-Scripting Vulnerabilities in Oracle HTMLDB",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0173.html"
},
{
"name": "15031",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15031"
}
]
}
}

190
2005/3xxx/CVE-2005-3902.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-3902",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=113269811630139&w=2"
},
{
"name" : "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"refsource" : "FULLDISC",
"url" : "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html"
},
{
"name" : "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt",
"refsource" : "MISC",
"url" : "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt"
},
{
"name" : "15538",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/15538"
},
{
"name" : "21060",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21060"
},
{
"name" : "17704",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17704/"
},
{
"name" : "202",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/202"
},
{
"name" : "vhcs-http-error-xss(23209)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error message, as demonstrated using a parameter containing script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15538",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15538"
},
{
"name": "202",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/202"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=113269811630139&w=2"
},
{
"name": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt",
"refsource": "MISC",
"url": "http://moritz-naumann.com/adv/0006/vhcsxss/0006.txt"
},
{
"name": "21060",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21060"
},
{
"name": "vhcs-http-error-xss(23209)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23209"
},
{
"name": "17704",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17704/"
},
{
"name": "20051122 VHCS 2.x HTTP Error Cross Site Scripting",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/039000.html"
}
]
}
}

150
2005/4xxx/CVE-2005-4355.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4355",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4355",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "ADV-2005-2990",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2990"
},
{
"name" : "21979",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21979"
},
{
"name" : "21980",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21980"
},
{
"name" : "18026",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18026"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in UStore allow remote attackers to inject arbitrary web script or HTML via the (1) Cat parameter in default.asp and the (2) accessdenied parameter in admin/default.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21980",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21980"
},
{
"name": "18026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18026"
},
{
"name": "21979",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21979"
},
{
"name": "ADV-2005-2990",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2990"
}
]
}
}

170
2005/4xxx/CVE-2005-4533.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4533",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via \"getopt\" style argument specifications, which are not filtered."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4533",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://sublimation.org/scponly/#relnotes",
"refsource" : "CONFIRM",
"url" : "http://sublimation.org/scponly/#relnotes"
},
{
"name" : "GLSA-200512-17",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml"
},
{
"name" : "16051",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16051"
},
{
"name" : "18223",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18223"
},
{
"name" : "18236",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18236"
},
{
"name" : "scponly-escape-shell-restrictions(23875)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23875"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via \"getopt\" style argument specifications, which are not filtered."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "18223",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18223"
},
{
"name": "16051",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16051"
},
{
"name": "18236",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18236"
},
{
"name": "http://sublimation.org/scponly/#relnotes",
"refsource": "CONFIRM",
"url": "http://sublimation.org/scponly/#relnotes"
},
{
"name": "GLSA-200512-17",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-17.xml"
},
{
"name": "scponly-escape-shell-restrictions(23875)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23875"
}
]
}
}

160
2005/4xxx/CVE-2005-4580.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4580",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4580",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pridels0.blogspot.com/2005/12/communiqu-4-xss-vuln.html",
"refsource" : "MISC",
"url" : "http://pridels0.blogspot.com/2005/12/communiqu-4-xss-vuln.html"
},
{
"name" : "16072",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/16072"
},
{
"name" : "21930",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/21930"
},
{
"name" : "18258",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/18258"
},
{
"name" : "Communiqué-search-xss(23860)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23860"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "16072",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16072"
},
{
"name": "21930",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21930"
},
{
"name": "Communiqu\u00e9-search-xss(23860)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23860"
},
{
"name": "http://pridels0.blogspot.com/2005/12/communiqu-4-xss-vuln.html",
"refsource": "MISC",
"url": "http://pridels0.blogspot.com/2005/12/communiqu-4-xss-vuln.html"
},
{
"name": "18258",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18258"
}
]
}
}

150
2005/4xxx/CVE-2005-4655.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-4655",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as \"<me<meta>ta\" and \"<sc<script>ript>\"."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4655",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20051024 Possible Bug in PHP-Fusion 6.0.204",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2005-10/0272.html"
},
{
"name" : "ADV-2005-2192",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/2192"
},
{
"name" : "17312",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/17312"
},
{
"name" : "106",
"refsource" : "SREASON",
"url" : "http://securityreason.com/securityalert/106"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as \"<me<meta>ta\" and \"<sc<script>ript>\"."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2005-2192",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2192"
},
{
"name": "106",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/106"
},
{
"name": "17312",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17312"
},
{
"name": "20051024 Possible Bug in PHP-Fusion 6.0.204",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-10/0272.html"
}
]
}
}

300
2009/0xxx/CVE-2009-0115.json
View File

@ -1,152 +1,152 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0115",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0115",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource" : "MLIST",
"url" : "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name" : "http://launchpad.net/bugs/cve/2009-0115",
"refsource" : "MISC",
"url" : "http://launchpad.net/bugs/cve/2009-0115"
},
{
"name" : "http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml",
"refsource" : "CONFIRM",
"url" : "http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml"
},
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691"
},
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name" : "DSA-1767",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1767"
},
{
"name" : "FEDORA-2009-3449",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html"
},
{
"name" : "FEDORA-2009-3453",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html"
},
{
"name" : "SUSE-SR:2009:007",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name" : "SUSE-SR:2009:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name" : "oval:org.mitre.oval:def:9214",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214"
},
{
"name" : "34418",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34418"
},
{
"name" : "34642",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34642"
},
{
"name" : "34694",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34694"
},
{
"name" : "34710",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34710"
},
{
"name" : "34759",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34759"
},
{
"name" : "38794",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38794"
},
{
"name" : "ADV-2010-0528",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2009:007",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
},
{
"name": "34759",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34759"
},
{
"name": "38794",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38794"
},
{
"name": "[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates",
"refsource": "MLIST",
"url": "http://lists.vmware.com/pipermail/security-announce/2010/000082.html"
},
{
"name": "DSA-1767",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1767"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "34694",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34694"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-128.htm"
},
{
"name": "34418",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34418"
},
{
"name": "34710",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34710"
},
{
"name": "FEDORA-2009-3453",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00236.html"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "http://launchpad.net/bugs/cve/2009-0115",
"refsource": "MISC",
"url": "http://launchpad.net/bugs/cve/2009-0115"
},
{
"name": "oval:org.mitre.oval:def:9214",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9214"
},
{
"name": "FEDORA-2009-3449",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00231.html"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705"
},
{
"name": "http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml",
"refsource": "CONFIRM",
"url": "http://download.opensuse.org/update/10.3-test/repodata/patch-kpartx-6082.xml"
},
{
"name": "ADV-2010-0528",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0528"
}
]
}
}

310
2009/0xxx/CVE-2009-0186.json
View File

@ -1,157 +1,157 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0186",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2009-0186",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501399/100/0/threaded"
},
{
"name" : "20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/501413/100/0/threaded"
},
{
"name" : "http://secunia.com/secunia_research/2009-7/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-7/"
},
{
"name" : "http://secunia.com/secunia_research/2009-8/",
"refsource" : "MISC",
"url" : "http://secunia.com/secunia_research/2009-8/"
},
{
"name" : "http://www.mega-nerd.com/libsndfile/NEWS",
"refsource" : "CONFIRM",
"url" : "http://www.mega-nerd.com/libsndfile/NEWS"
},
{
"name" : "DSA-1742",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1742"
},
{
"name" : "GLSA-200904-16",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-200904-16.xml"
},
{
"name" : "SUSE-SR:2009:008",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name" : "USN-749-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-749-1"
},
{
"name" : "33963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33963"
},
{
"name" : "1021784",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1021784"
},
{
"name" : "33980",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33980"
},
{
"name" : "33981",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/33981"
},
{
"name" : "34316",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34316"
},
{
"name" : "34526",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34526"
},
{
"name" : "34642",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34642"
},
{
"name" : "34791",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34791"
},
{
"name" : "ADV-2009-0584",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0584"
},
{
"name" : "ADV-2009-0585",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0585"
},
{
"name" : "libsndfile-caf-bo(49038)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49038"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in libsndfile 1.0.18, as used in Winamp and other products, allows context-dependent attackers to execute arbitrary code via crafted description chunks in a CAF audio file, leading to a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2009-0585",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0585"
},
{
"name": "GLSA-200904-16",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-16.xml"
},
{
"name": "DSA-1742",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1742"
},
{
"name": "20090303 Secunia Research: libsndfile CAF Processing Integer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501413/100/0/threaded"
},
{
"name": "33981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33981"
},
{
"name": "33980",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33980"
},
{
"name": "34642",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34642"
},
{
"name": "1021784",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021784"
},
{
"name": "34316",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34316"
},
{
"name": "libsndfile-caf-bo(49038)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49038"
},
{
"name": "34526",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34526"
},
{
"name": "SUSE-SR:2009:008",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html"
},
{
"name": "USN-749-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-749-1"
},
{
"name": "http://www.mega-nerd.com/libsndfile/NEWS",
"refsource": "CONFIRM",
"url": "http://www.mega-nerd.com/libsndfile/NEWS"
},
{
"name": "ADV-2009-0584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0584"
},
{
"name": "http://secunia.com/secunia_research/2009-7/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-7/"
},
{
"name": "33963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33963"
},
{
"name": "20090303 Secunia Research: Winamp CAF Processing Integer Overflow Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/501399/100/0/threaded"
},
{
"name": "http://secunia.com/secunia_research/2009-8/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2009-8/"
},
{
"name": "34791",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34791"
}
]
}
}

34
2009/0xxx/CVE-2009-0666.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0666",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0666",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2009/1xxx/CVE-2009-1118.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1118",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1118",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

160
2009/1xxx/CVE-2009-1590.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1590",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1590",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937",
"refsource" : "CONFIRM",
"url" : "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937"
},
{
"name" : "JVN#76370393",
"refsource" : "JVN",
"url" : "http://jvn.jp/en/jp/JVN76370393/index.html"
},
{
"name" : "JVNDB-2009-000023",
"refsource" : "JVNDB",
"url" : "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html"
},
{
"name" : "54097",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/54097"
},
{
"name" : "34869",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34869"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows remote attackers to send email to arbitrary recipients via a web form."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2009-000023",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-000023.html"
},
{
"name": "54097",
"refsource": "OSVDB",
"url": "http://osvdb.org/54097"
},
{
"name": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937",
"refsource": "CONFIRM",
"url": "http://www.rescue.ne.jp/whatsnew/blog.cgi/permalink/20081213132937"
},
{
"name": "JVN#76370393",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN76370393/index.html"
},
{
"name": "34869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34869"
}
]
}
}

130
2009/3xxx/CVE-2009-3323.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3323",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9724",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9724"
},
{
"name" : "barosmini-barospath-file-include(53378)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53378"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation System mini (BAROSmini) 0.32.595 allow remote attackers to execute arbitrary PHP code via a URL in the baros_path parameter to (1) include/common_functions.php, and the main_path parameter to (2) lib_users.php, (3) lib_stats.php, and (4) lib_slots.php in include/lib/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "barosmini-barospath-file-include(53378)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53378"
},
{
"name": "9724",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9724"
}
]
}
}

160
2009/3xxx/CVE-2009-3595.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-3595",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-3595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "9171",
"refsource" : "EXPLOIT-DB",
"url" : "http://www.exploit-db.com/exploits/9171"
},
{
"name" : "56570",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/56570"
},
{
"name" : "35953",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35953"
},
{
"name" : "ADV-2009-2026",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/2026"
},
{
"name" : "vspanel-results-sql-injection(51783)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51783"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows remote attackers to execute arbitrary SQL commands via the Cat_ID parameter, a different vector than CVE-2009-3590."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "vspanel-results-sql-injection(51783)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51783"
},
{
"name": "9171",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9171"
},
{
"name": "ADV-2009-2026",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/2026"
},
{
"name": "56570",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/56570"
},
{
"name": "35953",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35953"
}
]
}
}

120
2009/4xxx/CVE-2009-4393.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4393",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4393",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the Document Directorys (danp_documentdirs) extension 1.10.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}

120
2009/4xxx/CVE-2009-4398.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4398",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4398",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource" : "CONFIRM",
"url" : "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the Parish of the Holy Spirit Religious Art Gallery (hs_religiousartgallery) extension 0.1.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-020/"
}
]
}
}

150
2009/4xxx/CVE-2009-4647.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4647",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.portcullis-security.com/339.php",
"refsource" : "MISC",
"url" : "http://www.portcullis-security.com/339.php"
},
{
"name" : "38176",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/38176"
},
{
"name" : "38522",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/38522"
},
{
"name" : "fta-username-xss(56247)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/56247"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Accellion Secure File Transfer Appliance before 7_0_296 allows remote attackers to inject arbitrary web script or HTML via the username parameter, which is not properly handled when the administrator views audit logs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "fta-username-xss(56247)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56247"
},
{
"name": "http://www.portcullis-security.com/339.php",
"refsource": "MISC",
"url": "http://www.portcullis-security.com/339.php"
},
{
"name": "38176",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/38176"
},
{
"name": "38522",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/38522"
}
]
}
}

140
2009/4xxx/CVE-2009-4689.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-4689",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-4689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt"
},
{
"name" : "35894",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35894"
},
{
"name" : "ADV-2009-1977",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1977"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt"
},
{
"name": "35894",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35894"
},
{
"name": "ADV-2009-1977",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1977"
}
]
}
}

34
2012/2xxx/CVE-2012-2160.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2160",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2160",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/2xxx/CVE-2012-2229.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2229",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2229",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

120
2012/2xxx/CVE-2012-2380.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2380",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-2380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20120624 CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability",
"refsource" : "FULLDISC",
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by leveraging the HTTP POST functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20120624 CVE-2012-2380: Apache Roller Cross-Site-Resource-Forgery (XSRF) vulnerability",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-06/0376.html"
}
]
}
}

34
2012/2xxx/CVE-2012-2537.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2537",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-2537",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

160
2012/2xxx/CVE-2012-2548.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2548",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Layout Use After Free Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2012-2548",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS12-063",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-063"
},
{
"name" : "TA12-255A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"name" : "55646",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/55646"
},
{
"name" : "oval:org.mitre.oval:def:15449",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15449"
},
{
"name" : "1027555",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027555"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka \"Layout Use After Free Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "55646",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/55646"
},
{
"name": "oval:org.mitre.oval:def:15449",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15449"
},
{
"name": "1027555",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027555"
},
{
"name": "TA12-255A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA12-255A.html"
},
{
"name": "MS12-063",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-063"
}
]
}
}

34
2012/2xxx/CVE-2012-2581.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2581",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2581",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2012/6xxx/CVE-2012-6230.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6230",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2012-6230",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
}
]
}
}

220
2015/0xxx/CVE-2015-0250.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-0250",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-0250",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Mar/142"
},
{
"name" : "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"
},
{
"name" : "http://xmlgraphics.apache.org/security.html",
"refsource" : "CONFIRM",
"url" : "http://xmlgraphics.apache.org/security.html"
},
{
"name" : "http://advisories.mageia.org/MGASA-2015-0138.html",
"refsource" : "CONFIRM",
"url" : "http://advisories.mageia.org/MGASA-2015-0138.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
},
{
"name" : "DSA-3205",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3205"
},
{
"name" : "MDVSA-2015:203",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"
},
{
"name" : "RHSA-2016:0041",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0041.html"
},
{
"name" : "RHSA-2016:0042",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2016-0042.html"
},
{
"name" : "USN-2548-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-2548-1"
},
{
"name" : "1032781",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032781"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) JPG conversion classes in Apache Batik 1.x before 1.8 allows remote attackers to read arbitrary files or cause a denial of service via a crafted SVG file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-2548-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2548-1"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21963275"
},
{
"name": "MDVSA-2015:203",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:203"
},
{
"name": "DSA-3205",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3205"
},
{
"name": "1032781",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032781"
},
{
"name": "http://advisories.mageia.org/MGASA-2015-0138.html",
"refsource": "CONFIRM",
"url": "http://advisories.mageia.org/MGASA-2015-0138.html"
},
{
"name": "20150322 [CVE-2015-0250] Apache Batik Information Disclosure Vulnerability (XXE Injection)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Mar/142"
},
{
"name": "RHSA-2016:0042",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0042.html"
},
{
"name": "http://xmlgraphics.apache.org/security.html",
"refsource": "CONFIRM",
"url": "http://xmlgraphics.apache.org/security.html"
},
{
"name": "RHSA-2016:0041",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2016-0041.html"
},
{
"name": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/130964/Apache-Batik-XXE-Injection.html"
}
]
}
}

34
2015/1xxx/CVE-2015-1017.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1017",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1017",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

130
2015/1xxx/CVE-2015-1541.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1541",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1541",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)",
"refsource" : "MLIST",
"url" : "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ"
},
{
"name" : "https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07",
"refsource" : "CONFIRM",
"url" : "https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The AppWidgetServiceImpl implementation in com/android/server/appwidget/AppWidgetServiceImpl.java in the Settings application in Android before 5.1.1 LMY48I allows attackers to obtain a URI permission via an application that sends an Intent with a (1) FLAG_GRANT_READ_URI_PERMISSION or (2) FLAG_GRANT_WRITE_URI_PERMISSION flag, as demonstrated by bypassing intended restrictions on reading contacts, aka internal bug 19618745."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07",
"refsource": "CONFIRM",
"url": "https://android.googlesource.com/platform/frameworks/base/+/0b98d304c467184602b4c6bce76fda0b0274bc07"
},
{
"name": "[android-security-updates] 20150812 Nexus Security Bulletin (August 2015)",
"refsource": "MLIST",
"url": "https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ"
}
]
}
}

34
2015/1xxx/CVE-2015-1960.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1960",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-1960",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2015/1xxx/CVE-2015-1974.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-1974",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@us.ibm.com",
"ID": "CVE-2015-1974",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
},
{
"name" : "75438",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/75438"
},
{
"name" : "1032734",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032734"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web administration tool in IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before iFix 68, 6.2 before iFix 44, 6.3 before iFix 37, 6.3.1 before iFix 11, and 6.4 before iFix 2 allows remote authenticated users to bypass intended command restrictions via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "75438",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/75438"
},
{
"name": "1032734",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032734"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21960659"
}
]
}
}

140
2015/5xxx/CVE-2015-5181.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5181",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5181",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248804",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1248804"
},
{
"name" : "RHSA-2015:2556",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2015-2556.html"
},
{
"name" : "RHSA-2015:2557",
"refsource" : "REDHAT",
"url" : "https://rhn.redhat.com/errata/RHSA-2015-2557.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The JBoss console in A-MQ allows remote attackers to execute arbitrary JavaScript."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1248804",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1248804"
},
{
"name": "RHSA-2015:2557",
"refsource": "REDHAT",
"url": "https://rhn.redhat.com/errata/RHSA-2015-2557.html"
},
{
"name": "RHSA-2015:2556",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2015-2556.html"
}
]
}
}

140
2015/5xxx/CVE-2015-5347.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5347",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5347",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://wicket.apache.org/news/2016/03/01/cve-2015-5347.html",
"refsource" : "CONFIRM",
"url" : "http://wicket.apache.org/news/2016/03/01/cve-2015-5347.html"
},
{
"name" : "https://issues.apache.org/jira/browse/WICKET-6037",
"refsource" : "CONFIRM",
"url" : "https://issues.apache.org/jira/browse/WICKET-6037"
},
{
"name" : "1035165",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1035165"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wicket.apache.org/news/2016/03/01/cve-2015-5347.html",
"refsource": "CONFIRM",
"url": "http://wicket.apache.org/news/2016/03/01/cve-2015-5347.html"
},
{
"name": "https://issues.apache.org/jira/browse/WICKET-6037",
"refsource": "CONFIRM",
"url": "https://issues.apache.org/jira/browse/WICKET-6037"
},
{
"name": "1035165",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1035165"
}
]
}
}

130
2015/5xxx/CVE-2015-5357.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5357",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-5357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10684",
"refsource" : "CONFIRM",
"url" : "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10684"
},
{
"name" : "1032847",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1032847"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos 13.2X51-D15 through 13.2X51-D25, 13.2X51 before 13.2X51-D30, and 14.1X53 before 14.1X53-D10 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1032847",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1032847"
},
{
"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10684",
"refsource": "CONFIRM",
"url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10684"
}
]
}
}

34
2015/5xxx/CVE-2015-5450.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5450",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2015-5450",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none."
}
]
}
}

120
2018/11xxx/CVE-2018-11036.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11036",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://www.ruckuswireless.com/security/279/view/txt",
"refsource" : "MISC",
"url" : "https://www.ruckuswireless.com/security/279/view/txt"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Ruckus SmartZone (formerly Virtual SmartCell Gateway or vSCG) 3.5.0, 3.5.1, 3.6.0, and 3.6.1 (Essentials and High Scale) on vSZ, SZ-100, SZ-300, and SCG-200 devices allows remote attackers to obtain sensitive information or modify data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.ruckuswireless.com/security/279/view/txt",
"refsource": "MISC",
"url": "https://www.ruckuswireless.com/security/279/view/txt"
}
]
}
}

120
2018/11xxx/CVE-2018-11101.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11101",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11101",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180516 CVE-2018-11101: Signal-desktop HTML tag injection variant 2",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/46"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via a resource location specified in an attribute of a SCRIPT, IFRAME, or IMG element, leading to JavaScript execution after a reply, a different vulnerability than CVE-2018-10994. The attacker needs to send HTML code directly as a message, and then reply to that message to trigger this vulnerability. The Signal-Desktop software fails to sanitize specific HTML elements that can be used to inject HTML code into remote chat windows when replying to an HTML message. Specifically the IMG and IFRAME elements can be used to include remote or local resources. For example, the use of an IFRAME element enables full code execution, allowing an attacker to download/upload files, information, etc. The SCRIPT element was also found to be injectable. On the Windows operating system, the CSP fails to prevent remote inclusion of resources via the SMB protocol. In this case, remote execution of JavaScript can be achieved by referencing the script on an SMB share within an IFRAME element, for example: <IFRAME src=\\\\DESKTOP-XXXXX\\Temp\\test.html> and then replying to it. The included JavaScript code is then executed automatically, without any interaction needed from the user. The vulnerability can be triggered in the Signal-Desktop client by sending a specially crafted message and then replying to it with any text or content in the reply (it doesn't matter)."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180516 CVE-2018-11101: Signal-desktop HTML tag injection variant 2",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/46"
}
]
}
}

120
2018/11xxx/CVE-2018-11435.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11435",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11435",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20180528 libmobi 0.3 vulns",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2018/May/48"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180528 libmobi 0.3 vulns",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/May/48"
}
]
}
}

120
2018/11xxx/CVE-2018-11545.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11545",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11545",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/mity/md4c/issues/39",
"refsource" : "MISC",
"url" : "https://github.com/mity/md4c/issues/39"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mity/md4c/issues/39",
"refsource": "MISC",
"url": "https://github.com/mity/md4c/issues/39"
}
]
}
}

130
2018/11xxx/CVE-2018-11777.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@apache.org",
"ID" : "CVE-2018-11777",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Apache Hive",
"version" : {
"version_data" : [
{
"version_value" : "All versions of Hive, including 2.3.3, 3.1.0 and earlier"
}
]
}
}
]
},
"vendor_name" : "Apache Software Foundation"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Exposure of Resource to Wrong Sphere"
}
"CVE_data_meta": {
"ASSIGNER": "security@apache.org",
"ID": "CVE-2018-11777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Apache Hive",
"version": {
"version_data": [
{
"version_value": "All versions of Hive, including 2.3.3, 3.1.0 and earlier"
}
]
}
}
]
},
"vendor_name": "Apache Software Foundation"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E",
"refsource" : "MISC",
"url" : "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E"
},
{
"name" : "105886",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105886"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Exposure of Resource to Wrong Sphere"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105886",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105886"
},
{
"name": "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E",
"refsource": "MISC",
"url": "https://lists.apache.org/thread.html/963c8e2516405c9b532b4add16c03b2c5db621e0c83e80f45049cbbb@%3Cdev.hive.apache.org%3E"
}
]
}
}

34
2018/7xxx/CVE-2018-7010.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7010",
"STATE" : "REJECT"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-7010",
"ASSIGNER": "cve@mitre.org",
"STATE": "REJECT"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
}
]
}
}

34
2018/7xxx/CVE-2018-7145.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7145",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7145",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/7xxx/CVE-2018-7288.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7288",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7288",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

140
2018/7xxx/CVE-2018-7737.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-7737",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7737",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44407",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44407/"
},
{
"name" : "https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md#web-site-physical-path-leakage",
"refsource" : "MISC",
"url" : "https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md#web-site-physical-path-leakage"
},
{
"name" : "https://packetstormsecurity.com/files/147063/Z-Blog-1.5.1.1740-Full-Path-Disclosure.html",
"refsource" : "MISC",
"url" : "https://packetstormsecurity.com/files/147063/Z-Blog-1.5.1.1740-Full-Path-Disclosure.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as demonstrated by admin_footer.php or admin_footer.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md#web-site-physical-path-leakage",
"refsource": "MISC",
"url": "https://github.com/ponyma233/cms/blob/master/Z-Blog_1.5.1.1740_bugs.md#web-site-physical-path-leakage"
},
{
"name": "44407",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44407/"
},
{
"name": "https://packetstormsecurity.com/files/147063/Z-Blog-1.5.1.1740-Full-Path-Disclosure.html",
"refsource": "MISC",
"url": "https://packetstormsecurity.com/files/147063/Z-Blog-1.5.1.1740-Full-Path-Disclosure.html"
}
]
}
}

448
2018/8xxx/CVE-2018-8440.json
View File

@ -1,226 +1,226 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8440",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka \"Windows ALPC Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8440",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html",
"refsource" : "MISC",
"url" : "https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html"
},
{
"name" : "https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html",
"refsource" : "MISC",
"url" : "https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html"
},
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440"
},
{
"name" : "105153",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105153"
},
{
"name" : "1041578",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1041578"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC), aka \"Windows ALPC Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440"
},
{
"name": "https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html",
"refsource": "MISC",
"url": "https://blog.0patch.com/2018/09/comparing-our-micropatch-with.html"
},
{
"name": "https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html",
"refsource": "MISC",
"url": "https://blog.0patch.com/2018/08/how-we-micropatched-publicly-dropped.html"
},
{
"name": "1041578",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041578"
},
{
"name": "105153",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105153"
}
]
}
}

376
2018/8xxx/CVE-2018-8561.json
View File

@ -1,190 +1,190 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8561",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2019",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for ARM64-based Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for ARM64-based Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "Version 1809 for 32-bit Systems"
},
{
"version_value" : "Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Version 1809 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka \"DirectX Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8485, CVE-2018-8554."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for ARM64-based Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for ARM64-based Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for ARM64-based Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8561",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8561"
},
{
"name" : "105813",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105813"
},
{
"name" : "1042135",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1042135"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka \"DirectX Elevation of Privilege Vulnerability.\" This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers. This CVE ID is unique from CVE-2018-8485, CVE-2018-8554."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8561",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8561"
},
{
"name": "1042135",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1042135"
},
{
"name": "105813",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105813"
}
]
}
}

468
2018/8xxx/CVE-2018-8611.json
View File

@ -1,236 +1,236 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8611",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Windows 7",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name" : "Windows Server 2012 R2",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows RT 8.1",
"version" : {
"version_data" : [
{
"version_value" : "Windows RT 8.1"
}
]
}
},
{
"product_name" : "Windows Server 2008",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems Service Pack 2"
},
{
"version_value" : "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value" : "Itanium-Based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2"
},
{
"version_value" : "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2019",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2012",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 8.1",
"version" : {
"version_data" : [
{
"version_value" : "32-bit systems"
},
{
"version_value" : "x64-based systems"
}
]
}
},
{
"product_name" : "Windows Server 2016",
"version" : {
"version_data" : [
{
"version_value" : "(Server Core installation)"
}
]
}
},
{
"product_name" : "Windows Server 2008 R2",
"version" : {
"version_data" : [
{
"version_value" : "Itanium-Based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1"
},
{
"version_value" : "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name" : "Windows 10",
"version" : {
"version_data" : [
{
"version_value" : "32-bit Systems"
},
{
"version_value" : "Version 1607 for 32-bit Systems"
},
{
"version_value" : "Version 1607 for x64-based Systems"
},
{
"version_value" : "Version 1703 for 32-bit Systems"
},
{
"version_value" : "Version 1703 for x64-based Systems"
},
{
"version_value" : "Version 1709 for 32-bit Systems"
},
{
"version_value" : "Version 1709 for ARM64-based Systems"
},
{
"version_value" : "Version 1709 for x64-based Systems"
},
{
"version_value" : "Version 1803 for 32-bit Systems"
},
{
"version_value" : "Version 1803 for ARM64-based Systems"
},
{
"version_value" : "Version 1803 for x64-based Systems"
},
{
"version_value" : "Version 1809 for 32-bit Systems"
},
{
"version_value" : "Version 1809 for ARM64-based Systems"
},
{
"version_value" : "Version 1809 for x64-based Systems"
},
{
"version_value" : "x64-based Systems"
}
]
}
},
{
"product_name" : "Windows 10 Servers",
"version" : {
"version_data" : [
{
"version_value" : "version 1709 (Server Core Installation)"
},
{
"version_value" : "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Elevation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8611",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Windows 7",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
}
]
}
},
{
"product_name": "Windows Server 2012 R2",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows RT 8.1",
"version": {
"version_data": [
{
"version_value": "Windows RT 8.1"
}
]
}
},
{
"product_name": "Windows Server 2008",
"version": {
"version_data": [
{
"version_value": "32-bit Systems Service Pack 2"
},
{
"version_value": "32-bit Systems Service Pack 2 (Server Core installation)"
},
{
"version_value": "Itanium-Based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2"
},
{
"version_value": "x64-based Systems Service Pack 2 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2019",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2012",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows 8.1",
"version": {
"version_data": [
{
"version_value": "32-bit systems"
},
{
"version_value": "x64-based systems"
}
]
}
},
{
"product_name": "Windows Server 2016",
"version": {
"version_data": [
{
"version_value": "(Server Core installation)"
}
]
}
},
{
"product_name": "Windows Server 2008 R2",
"version": {
"version_data": [
{
"version_value": "Itanium-Based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1"
},
{
"version_value": "x64-based Systems Service Pack 1 (Server Core installation)"
}
]
}
},
{
"product_name": "Windows 10",
"version": {
"version_data": [
{
"version_value": "32-bit Systems"
},
{
"version_value": "Version 1607 for 32-bit Systems"
},
{
"version_value": "Version 1607 for x64-based Systems"
},
{
"version_value": "Version 1703 for 32-bit Systems"
},
{
"version_value": "Version 1703 for x64-based Systems"
},
{
"version_value": "Version 1709 for 32-bit Systems"
},
{
"version_value": "Version 1709 for ARM64-based Systems"
},
{
"version_value": "Version 1709 for x64-based Systems"
},
{
"version_value": "Version 1803 for 32-bit Systems"
},
{
"version_value": "Version 1803 for ARM64-based Systems"
},
{
"version_value": "Version 1803 for x64-based Systems"
},
{
"version_value": "Version 1809 for 32-bit Systems"
},
{
"version_value": "Version 1809 for ARM64-based Systems"
},
{
"version_value": "Version 1809 for x64-based Systems"
},
{
"version_value": "x64-based Systems"
}
]
}
},
{
"product_name": "Windows 10 Servers",
"version": {
"version_data": [
{
"version_value": "version 1709 (Server Core Installation)"
},
{
"version_value": "version 1803 (Server Core Installation)"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611"
},
{
"name" : "106082",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106082"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka \"Windows Kernel Elevation of Privilege Vulnerability.\" This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106082",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106082"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8611"
}
]
}
}

334
2018/8xxx/CVE-2018-8628.json
View File

@ -1,169 +1,169 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8628",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Office",
"version" : {
"version_data" : [
{
"version_value" : "2016 for Mac"
},
{
"version_value" : "2019 for 32-bit editions"
},
{
"version_value" : "2019 for 64-bit editions"
},
{
"version_value" : "2019 for Mac"
},
{
"version_value" : "Compatibility Pack Service Pack 3"
},
{
"version_value" : "Web Apps 2010 Service Pack 2"
},
{
"version_value" : "Web Apps 2013 Service Pack 1"
}
]
}
},
{
"product_name" : "Microsoft PowerPoint",
"version" : {
"version_data" : [
{
"version_value" : "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value" : "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value" : "2013 RT Service Pack 1"
},
{
"version_value" : "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value" : "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value" : "2016 (32-bit edition)"
},
{
"version_value" : "2016 (64-bit edition)"
}
]
}
},
{
"product_name" : "Microsoft SharePoint",
"version" : {
"version_data" : [
{
"version_value" : "Enterprise Server 2016"
}
]
}
},
{
"product_name" : "Microsoft PowerPoint Viewer",
"version" : {
"version_data" : [
{
"version_value" : "Microsoft PowerPoint Viewer"
}
]
}
},
{
"product_name" : "Office",
"version" : {
"version_data" : [
{
"version_value" : "365 ProPlus for 32-bit Systems"
},
{
"version_value" : "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name" : "Office Online Server",
"version" : {
"version_data" : [
{
"version_value" : "Office Online Server"
}
]
}
},
{
"product_name" : "Microsoft SharePoint Server",
"version" : {
"version_data" : [
{
"version_value" : "2013 Service Pack 1"
},
{
"version_value" : "2019"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Office",
"version": {
"version_data": [
{
"version_value": "2016 for Mac"
},
{
"version_value": "2019 for 32-bit editions"
},
{
"version_value": "2019 for 64-bit editions"
},
{
"version_value": "2019 for Mac"
},
{
"version_value": "Compatibility Pack Service Pack 3"
},
{
"version_value": "Web Apps 2010 Service Pack 2"
},
{
"version_value": "Web Apps 2013 Service Pack 1"
}
]
}
},
{
"product_name": "Microsoft PowerPoint",
"version": {
"version_data": [
{
"version_value": "2010 Service Pack 2 (32-bit editions)"
},
{
"version_value": "2010 Service Pack 2 (64-bit editions)"
},
{
"version_value": "2013 RT Service Pack 1"
},
{
"version_value": "2013 Service Pack 1 (32-bit editions)"
},
{
"version_value": "2013 Service Pack 1 (64-bit editions)"
},
{
"version_value": "2016 (32-bit edition)"
},
{
"version_value": "2016 (64-bit edition)"
}
]
}
},
{
"product_name": "Microsoft SharePoint",
"version": {
"version_data": [
{
"version_value": "Enterprise Server 2016"
}
]
}
},
{
"product_name": "Microsoft PowerPoint Viewer",
"version": {
"version_data": [
{
"version_value": "Microsoft PowerPoint Viewer"
}
]
}
},
{
"product_name": "Office",
"version": {
"version_data": [
{
"version_value": "365 ProPlus for 32-bit Systems"
},
{
"version_value": "365 ProPlus for 64-bit Systems"
}
]
}
},
{
"product_name": "Office Online Server",
"version": {
"version_data": [
{
"version_value": "Office Online Server"
}
]
}
},
{
"product_name": "Microsoft SharePoint Server",
"version": {
"version_data": [
{
"version_value": "2013 Service Pack 1"
},
{
"version_value": "2019"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
},
{
"name" : "106104",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106104"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A remote code execution vulnerability exists in Microsoft PowerPoint software when the software fails to properly handle objects in memory, aka \"Microsoft PowerPoint Remote Code Execution Vulnerability.\" This affects Microsoft Office, Office 365 ProPlus, Microsoft PowerPoint, Microsoft SharePoint, Microsoft PowerPoint Viewer, Office Online Server, Microsoft SharePoint Server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8628"
},
{
"name": "106104",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106104"
}
]
}
}