admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-06-19 17:32:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:31:19 +00:00
parent e71b069670
commit 96d24a0bd3
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
59 changed files with 4432 additions and 4432 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

160
2005/0xxx/CVE-2005-0086.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0086", "ID": "CVE-2005-0086",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "FLSA:2404", "description_data": [
"refsource" : "FEDORA", {
"url" : "https://bugzilla.fedora.us/show_bug.cgi?id=2404" "lang": "eng",
}, "value": "Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale."
{ }
"name" : "RHSA-2005:068", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2005-068.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527", "description": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "oval:org.mitre.oval:def:11027", ]
"refsource" : "OVAL", }
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11027" ]
}, },
{ "references": {
"name" : "less-file-bo(19131)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19131" "name": "oval:org.mitre.oval:def:11027",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11027"
} },
} {
"name": "less-file-bo(19131)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19131"
},
{
"name": "RHSA-2005:068",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-068.html"
},
{
"name": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527"
},
{
"name": "FLSA:2404",
"refsource": "FEDORA",
"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2404"
}
]
}
}

220
2005/0xxx/CVE-2005-0201.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0201", "ID": "CVE-2005-0201",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MDKSA-2005:105", "description_data": [
"refsource" : "MANDRAKE", {
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:105" "lang": "eng",
}, "value": "D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket."
{ }
"name" : "RHSA-2005:102", ]
"refsource" : "REDHAT", },
"url" : "http://www.redhat.com/support/errata/RHSA-2005-102.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "USN-144-1", "description": [
"refsource" : "UBUNTU", {
"url" : "https://usn.ubuntu.com/144-1/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ESB-2005.0435", ]
"refsource" : "AUSCERT", }
"url" : "http://www.auscert.org.au/render.html?it=5156" ]
}, },
{ "references": {
"name" : "12435", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/12435" "name": "15833",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15833"
"name" : "oval:org.mitre.oval:def:10973", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10973" "name": "15844",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/15844"
"name" : "1013075", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1013075" "name": "12435",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/12435"
"name" : "14119", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14119" "name": "MDKSA-2005:105",
}, "refsource": "MANDRAKE",
{ "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:105"
"name" : "15638", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15638" "name": "oval:org.mitre.oval:def:10973",
}, "refsource": "OVAL",
{ "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10973"
"name" : "15833", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15833" "name": "1013075",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1013075"
"name" : "15844", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/15844" "name": "15638",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/15638"
} },
} {
"name": "RHSA-2005:102",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-102.html"
},
{
"name": "ESB-2005.0435",
"refsource": "AUSCERT",
"url": "http://www.auscert.org.au/render.html?it=5156"
},
{
"name": "USN-144-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/144-1/"
},
{
"name": "14119",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14119"
}
]
}
}

130
2005/0xxx/CVE-2005-0477.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0477", "ID": "CVE-2005-0477",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050217 Invision Power Boards 1.3.1 FINAL XSS Exploit", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110868196922995&w=2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url."
{ }
"name" : "invision-power-board-sml-xss(19399)", ]
"refsource" : "XF", },
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19399" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "invision-power-board-sml-xss(19399)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19399"
},
{
"name": "20050217 Invision Power Boards 1.3.1 FINAL XSS Exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110868196922995&w=2"
}
]
}
}

170
2005/0xxx/CVE-2005-0611.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2005-0611", "ID": "CVE-2005-0611",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=110979465912834&w=2" "lang": "eng",
}, "value": "Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files."
{ }
"name" : "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability", ]
"refsource" : "VULNWATCH", },
"url" : "http://marc.info/?l=vulnwatch&m=110977858619314&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://service.real.com/help/faq/security/050224_player/EN/", "description": [
"refsource" : "CONFIRM", {
"url" : "http://service.real.com/help/faq/security/050224_player/EN/" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "RHSA-2005:265", ]
"refsource" : "REDHAT", }
"url" : "http://www.redhat.com/support/errata/RHSA-2005-265.html" ]
}, },
{ "references": {
"name" : "RHSA-2005:271", "reference_data": [
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2005-271.html" "name": "RHSA-2005:271",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2005-271.html"
"name" : "oval:org.mitre.oval:def:11419", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419" "name": "oval:org.mitre.oval:def:11419",
} "refsource": "OVAL",
] "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11419"
} },
} {
"name": "http://service.real.com/help/faq/security/050224_player/EN/",
"refsource": "CONFIRM",
"url": "http://service.real.com/help/faq/security/050224_player/EN/"
},
{
"name": "RHSA-2005:265",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-265.html"
},
{
"name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110979465912834&w=2"
},
{
"name": "20050302 RealOne Player / Real .WAV Heap Overflow File Format Vulnerability",
"refsource": "VULNWATCH",
"url": "http://marc.info/?l=vulnwatch&m=110977858619314&w=2"
}
]
}
}

140
2005/0xxx/CVE-2005-0682.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-0682", "ID": "CVE-2005-0682",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://drupal.org/drupal-4.5.2", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://drupal.org/drupal-4.5.2" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs."
{ }
"name" : "http://drupal.org/files/drupal-4.5-xss-fix.patch", ]
"refsource" : "CONFIRM", },
"url" : "http://drupal.org/files/drupal-4.5-xss-fix.patch" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14515", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/14515" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://drupal.org/files/drupal-4.5-xss-fix.patch",
"refsource": "CONFIRM",
"url": "http://drupal.org/files/drupal-4.5-xss-fix.patch"
},
{
"name": "14515",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14515"
},
{
"name": "http://drupal.org/drupal-4.5.2",
"refsource": "CONFIRM",
"url": "http://drupal.org/drupal-4.5.2"
}
]
}
}

160
2005/2xxx/CVE-2005-2412.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2412", "ID": "CVE-2005-2412",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20050724 PHP FirstPost remote file include vulnerability", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://marc.info/?l=bugtraq&m=112230599222543&w=2" "lang": "eng",
}, "value": "PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter."
{ }
"name" : "14371", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/14371" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "18394", "description": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/18394" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1014563", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1014563" ]
}, },
{ "references": {
"name" : "php-firstpost-block-file-include(21513)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21513" "name": "18394",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/18394"
} },
} {
"name": "1014563",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014563"
},
{
"name": "php-firstpost-block-file-include(21513)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21513"
},
{
"name": "20050724 PHP FirstPost remote file include vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=112230599222543&w=2"
},
{
"name": "14371",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14371"
}
]
}
}

220
2005/2xxx/CVE-2005-2454.json
View File

@ -1,112 +1,112 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-2454", "ID": "CVE-2005-2454",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the \"Notes\" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20061018 Secunia Research: IBM Lotus Notes Insecure Default FolderPermissions", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/449126/100/0/threaded" "lang": "eng",
}, "value": "IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the \"Notes\" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder."
{ }
"name" : "http://secunia.com/secunia_research/2005-29/advisory/", ]
"refsource" : "MISC", },
"url" : "http://secunia.com/secunia_research/2005-29/advisory/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "VU#383092", ]
"refsource" : "CERT-VN", }
"url" : "http://www.kb.cert.org/vuls/id/383092" ]
}, },
{ "references": {
"name" : "20612", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/20612" "name": "ADV-2006-4093",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2006/4093"
"name" : "ADV-2006-4093", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2006/4093" "name": "http://secunia.com/secunia_research/2005-29/advisory/",
}, "refsource": "MISC",
{ "url": "http://secunia.com/secunia_research/2005-29/advisory/"
"name" : "29761", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/29761" "name": "29761",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/29761"
"name" : "1017086", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1017086" "name": "VU#383092",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/383092"
"name" : "19537", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/19537" "name": "19537",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/19537"
"name" : "27342", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/27342" "name": "20061018 Secunia Research: IBM Lotus Notes Insecure Default FolderPermissions",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/449126/100/0/threaded"
"name" : "lotusnotes-directory-insecure-permission(29660)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/29660" "name": "27342",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/27342"
} },
} {
"name": "20612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20612"
},
{
"name": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773",
"refsource": "CONFIRM",
"url": "http://www-1.ibm.com/support/docview.wss?rs=463&uid=swg21246773"
},
{
"name": "lotusnotes-directory-insecure-permission(29660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29660"
},
{
"name": "1017086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017086"
}
]
}
}

260
2005/3xxx/CVE-2005-3252.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-3252", "ID": "CVE-2005-3252",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051018 Snort Back Orifice Parsing Remote Code Execution", "description_data": [
"refsource" : "ISS", {
"url" : "http://xforce.iss.net/xforce/alerts/id/207" "lang": "eng",
}, "value": "Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet."
{ }
"name" : "20051025 Snort's BO pre-processor exploit", ]
"refsource" : "FULLDISC", },
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)", "description": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt", ]
"refsource" : "CONFIRM", }
"url" : "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt" ]
}, },
{ "references": {
"name" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID=", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID=" "name": "VU#175500",
}, "refsource": "CERT-VN",
{ "url": "http://www.kb.cert.org/vuls/id/175500"
"name" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=363396&RenditionID=", },
"refsource" : "CONFIRM", {
"url" : "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=363396&RenditionID=" "name": "20051025 Snort's BO pre-processor exploit",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0505.html"
"name" : "TA05-291A", },
"refsource" : "CERT", {
"url" : "http://www.us-cert.gov/cas/techalerts/TA05-291A.html" "name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID=",
}, "refsource": "CONFIRM",
{ "url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=362187&RenditionID="
"name" : "VU#175500", },
"refsource" : "CERT-VN", {
"url" : "http://www.kb.cert.org/vuls/id/175500" "name": "15131",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15131"
"name" : "15131", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15131" "name": "ADV-2005-2138",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2138"
"name" : "ADV-2005-2138", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2138" "name": "17559",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/17559"
"name" : "20034", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/20034" "name": "20051018 Snort Back Orifice Parsing Remote Code Execution",
}, "refsource": "ISS",
{ "url": "http://xforce.iss.net/xforce/alerts/id/207"
"name" : "1015070", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015070" "name": "20034",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/20034"
"name" : "17559", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17559" "name": "20051101 Snort Back Orifice Preprocessor Exploit (Win32 targets)",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0010.html"
"name" : "17220", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17220" "name": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt",
}, "refsource": "CONFIRM",
{ "url": "http://www.snort.org/docs/change_logs/2.4.3/Changelog.txt"
"name" : "17255", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17255" "name": "17220",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/17220"
} },
} {
"name": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=363396&RenditionID=",
"refsource": "CONFIRM",
"url": "http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=363396&RenditionID="
},
{
"name": "TA05-291A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA05-291A.html"
},
{
"name": "1015070",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015070"
},
{
"name": "17255",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17255"
}
]
}
}

34
2005/3xxx/CVE-2005-3597.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2005-3597", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2005-3597",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3573. Reason: This candidate is a duplicate of CVE-2005-3573. A CNA error by MITRE introduced the duplicate. Notes: All CVE users should reference CVE-2005-3573 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3573. Reason: This candidate is a duplicate of CVE-2005-3573. A CNA error by MITRE introduced the duplicate. Notes: All CVE users should reference CVE-2005-3573 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
} }
] ]
} }
} }

210
2005/4xxx/CVE-2005-4012.json
View File

@ -1,107 +1,107 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4012", "ID": "CVE-2005-4012",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051128 Php Web Statistik Multiple Vulnerabilities", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html" "lang": "eng",
}, "value": "Multiple cross-site scripting (XSS) vulnerabilities in PHP Web Statistik 1.4 allows remote attackers to inject arbitrary web script or HTML via (1) the lastnumber parameter to stat.php and (2) the HTTP referer to pixel.php."
{ }
"name" : "http://www.ush.it/2005/11/19/php-web-statistik/", ]
"refsource" : "MISC", },
"url" : "http://www.ush.it/2005/11/19/php-web-statistik/" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://freewebstat.com/changelog-english.html", "description": [
"refsource" : "MISC", {
"url" : "http://freewebstat.com/changelog-english.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "15603", ]
"refsource" : "BID", }
"url" : "http://www.securityfocus.com/bid/15603" ]
}, },
{ "references": {
"name" : "ADV-2005-2645", "reference_data": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2645" "name": "ADV-2005-2645",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2005/2645"
"name" : "21208", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21208" "name": "http://freewebstat.com/changelog-english.html",
}, "refsource": "MISC",
{ "url": "http://freewebstat.com/changelog-english.html"
"name" : "21212", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/21212" "name": "21212",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/21212"
"name" : "17789", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17789" "name": "phpwebstatistik-referer-xss(23385)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23385"
"name" : "phpwebstatistik-referer-xss(23385)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23385" "name": "20051128 Php Web Statistik Multiple Vulnerabilities",
}, "refsource": "BUGTRAQ",
{ "url": "http://cert.uni-stuttgart.de/archive/bugtraq/2005/11/msg00325.html"
"name" : "phpwebstatistik-stat-xss(23379)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23379" "name": "21208",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/21208"
} },
} {
"name": "17789",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17789"
},
{
"name": "15603",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15603"
},
{
"name": "http://www.ush.it/2005/11/19/php-web-statistik/",
"refsource": "MISC",
"url": "http://www.ush.it/2005/11/19/php-web-statistik/"
},
{
"name": "phpwebstatistik-stat-xss(23379)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23379"
}
]
}
}

260
2005/4xxx/CVE-2005-4199.json
View File

@ -1,132 +1,132 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4199", "ID": "CVE-2005-4199",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/419067/100/0/threaded" "lang": "eng",
}, "value": "Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4) threadmode and (5) showcodebuttons in an options action in usercp.php; (6) list parameter in an editlists action to usercp.php; (7) rating parameter in a rate action in member.php; and (8) rating parameter in either showthread.php or ratethread.php."
{ }
"name" : "20051223 [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/420159/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB", "description": [
"refsource" : "FULLDISC", {
"url" : "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.trapkit.de/advisories/TKPN2005-12-001.txt", ]
"refsource" : "MISC", }
"url" : "http://www.trapkit.de/advisories/TKPN2005-12-001.txt" ]
}, },
{ "references": {
"name" : "http://www.trapkit.de/advisories/TKADV2005-12-001.txt", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.trapkit.de/advisories/TKADV2005-12-001.txt" "name": "15793",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/15793"
"name" : "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964", },
"refsource" : "CONFIRM", {
"url" : "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964" "name": "22158",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22158"
"name" : "15793", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15793" "name": "18000",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/18000"
"name" : "ADV-2005-2842", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2842" "name": "22156",
}, "refsource": "OSVDB",
{ "url": "http://www.osvdb.org/22156"
"name" : "22156", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22156" "name": "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/419067/100/0/threaded"
"name" : "22157", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22157" "name": "http://www.trapkit.de/advisories/TKPN2005-12-001.txt",
}, "refsource": "MISC",
{ "url": "http://www.trapkit.de/advisories/TKPN2005-12-001.txt"
"name" : "22158", },
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/22158" "name": "246",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/246"
"name" : "1015407", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1015407" "name": "1015407",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1015407"
"name" : "18000", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18000" "name": "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964",
}, "refsource": "CONFIRM",
{ "url": "http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964"
"name" : "246", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/246" "name": "20051209 [TKPN2005-12-001] Multiple critical vulnerabilities in MyBB",
}, "refsource": "FULLDISC",
{ "url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0379.html"
"name" : "294", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/294" "name": "22157",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/22157"
} },
} {
"name": "http://www.trapkit.de/advisories/TKADV2005-12-001.txt",
"refsource": "MISC",
"url": "http://www.trapkit.de/advisories/TKADV2005-12-001.txt"
},
{
"name": "20051223 [TKADV2005-12-001] Multiple SQL Injection vulnerabilities in MyBB",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/420159/100/0/threaded"
},
{
"name": "294",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/294"
},
{
"name": "ADV-2005-2842",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2842"
}
]
}
}

160
2005/4xxx/CVE-2005-4234.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4234", "ID": "CVE-2005-4234",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://pridels0.blogspot.com/2005/12/encapsgallery-sql-inj-vuln.html", "description_data": [
"refsource" : "MISC", {
"url" : "http://pridels0.blogspot.com/2005/12/encapsgallery-sql-inj-vuln.html" "lang": "eng",
}, "value": "SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
{ }
"name" : "15836", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15836" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2878", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2878" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "21696", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/21696" ]
}, },
{ "references": {
"name" : "18021", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18021" "name": "http://pridels0.blogspot.com/2005/12/encapsgallery-sql-inj-vuln.html",
} "refsource": "MISC",
] "url": "http://pridels0.blogspot.com/2005/12/encapsgallery-sql-inj-vuln.html"
} },
} {
"name": "ADV-2005-2878",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2878"
},
{
"name": "21696",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/21696"
},
{
"name": "18021",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18021"
},
{
"name": "15836",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15836"
}
]
}
}

160
2005/4xxx/CVE-2005-4344.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4344", "ID": "CVE-2005-4344",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html" "lang": "eng",
}, "value": "Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the CFOBJECT /CreateObject(Java) setting is disabled, which allows local users to create an object despite the specified configuration."
{ }
"name" : "15904", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/15904" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "ADV-2005-2948", "description": [
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2005/2948" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1015371", ]
"refsource" : "SECTRACK", }
"url" : "http://securitytracker.com/id?1015371" ]
}, },
{ "references": {
"name" : "18078", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/18078" "name": "18078",
} "refsource": "SECUNIA",
] "url": "http://secunia.com/advisories/18078"
} },
} {
"name": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html",
"refsource": "CONFIRM",
"url": "http://www.macromedia.com/devnet/security/security_zone/mpsb05-14.html"
},
{
"name": "15904",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15904"
},
{
"name": "1015371",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015371"
},
{
"name": "ADV-2005-2948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2948"
}
]
}
}

180
2005/4xxx/CVE-2005-4563.json
View File

@ -1,92 +1,92 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4563", "ID": "CVE-2005-4563",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20051220 Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/419895" "lang": "eng",
}, "value": "SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875."
{ }
"name" : "20051220 Enterprise Connector v.1.02 Multiple SQL", ]
"refsource" : "FULLDISC", },
"url" : "http://marc.info/?l=full-disclosure&m=113510305413525&w=2" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "15984", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/15984" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "22163", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/22163" ]
}, },
{ "references": {
"name" : "17743", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/17743" "name": "278",
}, "refsource": "SREASON",
{ "url": "http://securityreason.com/securityalert/278"
"name" : "278", },
"refsource" : "SREASON", {
"url" : "http://securityreason.com/securityalert/278" "name": "20051220 Enterprise Connector v.1.02 Multiple SQL Vulnerabilities and Login Bypass",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/419895"
"name" : "enterpriseconnector-main-sql-injection(23845)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/23845" "name": "enterpriseconnector-main-sql-injection(23845)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23845"
} },
} {
"name": "20051220 Enterprise Connector v.1.02 Multiple SQL",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure&m=113510305413525&w=2"
},
{
"name": "22163",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22163"
},
{
"name": "15984",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15984"
},
{
"name": "17743",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17743"
}
]
}
}

190
2005/4xxx/CVE-2005-4813.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2005-4813", "ID": "CVE-2005-4813",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://support.businessobjects.com/downloads/critical_updates/security_bulletin_june05.asp", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://support.businessobjects.com/downloads/critical_updates/security_bulletin_june05.asp" "lang": "eng",
}, "value": "Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections."
{ }
"name" : "http://support.businessobjects.com/library/kbase/articles/c2017748.asp", ]
"refsource" : "CONFIRM", },
"url" : "http://support.businessobjects.com/library/kbase/articles/c2017748.asp" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "14433", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/14433" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "18473", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/18473" ]
}, },
{ "references": {
"name" : "1014604", "reference_data": [
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014604" "name": "1014605",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1014605"
"name" : "1014605", },
"refsource" : "SECTRACK", {
"url" : "http://securitytracker.com/id?1014605" "name": "1014604",
}, "refsource": "SECTRACK",
{ "url": "http://securitytracker.com/id?1014604"
"name" : "16282", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/16282" "name": "http://support.businessobjects.com/downloads/critical_updates/security_bulletin_june05.asp",
}, "refsource": "CONFIRM",
{ "url": "http://support.businessobjects.com/downloads/critical_updates/security_bulletin_june05.asp"
"name" : "business-object-crystal-server-dos(21654)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/21654" "name": "14433",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/14433"
} },
} {
"name": "http://support.businessobjects.com/library/kbase/articles/c2017748.asp",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/library/kbase/articles/c2017748.asp"
},
{
"name": "business-object-crystal-server-dos(21654)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21654"
},
{
"name": "18473",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18473"
},
{
"name": "16282",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16282"
}
]
}
}

520
2009/0xxx/CVE-2009-0733.json
View File

@ -1,262 +1,262 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-0733", "ID": "CVE-2009-0733",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20090320 [oCERT-2009-003] LittleCMS integer errors", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/502031/100/0/threaded" "lang": "eng",
}, "value": "Multiple stack-based buffer overflows in the ReadSetOfCurves function in LittleCMS (aka lcms or liblcms) before 1.18beta2, as used in Firefox 3.1beta, OpenJDK, and GIMP, allow context-dependent attackers to execute arbitrary code via a crafted image file associated with a large integer value for the (1) input or (2) output channel, related to the ReadLUT_A2B and ReadLUT_B2A functions."
{ }
"name" : "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)", ]
"refsource" : "BUGTRAQ", },
"url" : "http://www.securityfocus.com/archive/1/502018/100/0/threaded" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://scary.beasts.org/security/CESA-2009-003.html", "description": [
"refsource" : "MISC", {
"url" : "http://scary.beasts.org/security/CESA-2009-003.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html", ]
"refsource" : "MISC", }
"url" : "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html" ]
}, },
{ "references": {
"name" : "http://www.ocert.org/advisories/ocert-2009-003.html", "reference_data": [
"refsource" : "MISC", {
"url" : "http://www.ocert.org/advisories/ocert-2009-003.html" "name": "FEDORA-2009-2970",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html"
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=487512", },
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=487512" "name": "littlecms-readsetofcurves-bo(49330)",
}, "refsource": "XF",
{ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49330"
"name" : "DSA-1745", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1745" "name": "MDVSA-2009:137",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137"
"name" : "DSA-1769", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2009/dsa-1769" "name": "34632",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34632"
"name" : "FEDORA-2009-2903", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html" "name": "34450",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34450"
"name" : "FEDORA-2009-2910", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html" "name": "1021869",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id?1021869"
"name" : "FEDORA-2009-2928", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html" "name": "FEDORA-2009-2928",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00811.html"
"name" : "FEDORA-2009-2970", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00851.html" "name": "SUSE-SR:2009:007",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html"
"name" : "FEDORA-2009-2982", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html" "name": "USN-744-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-744-1"
"name" : "FEDORA-2009-2983", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html" "name": "DSA-1745",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1745"
"name" : "FEDORA-2009-3034", },
"refsource" : "FEDORA", {
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html" "name": "34675",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34675"
"name" : "GLSA-200904-19", },
"refsource" : "GENTOO", {
"url" : "http://security.gentoo.org/glsa/glsa-200904-19.xml" "name": "34454",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34454"
"name" : "MDVSA-2009:121", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121" "name": "34442",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34442"
"name" : "MDVSA-2009:137", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:137" "name": "FEDORA-2009-2982",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00856.html"
"name" : "MDVSA-2009:162", },
"refsource" : "MANDRIVA", {
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162" "name": "FEDORA-2009-3034",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00921.html"
"name" : "RHSA-2009:0339", },
"refsource" : "REDHAT", {
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0339.html" "name": "FEDORA-2009-2903",
}, "refsource": "FEDORA",
{ "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00794.html"
"name" : "RHSA-2009:0377", },
"refsource" : "REDHAT", {
"url" : "https://rhn.redhat.com/errata/RHSA-2009-0377.html" "name": "http://scary.beasts.org/security/CESA-2009-003.html",
}, "refsource": "MISC",
{ "url": "http://scary.beasts.org/security/CESA-2009-003.html"
"name" : "SSA:2009-083-01", },
"refsource" : "SLACKWARE", {
"url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438" "name": "34382",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34382"
"name" : "SUSE-SR:2009:007", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html" "name": "SSA:2009-083-01",
}, "refsource": "SLACKWARE",
{ "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.487438"
"name" : "USN-744-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-744-1" "name": "34418",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34418"
"name" : "34185", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34185" "name": "20090320 [oCERT-2009-003] LittleCMS integer errors",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/502031/100/0/threaded"
"name" : "oval:org.mitre.oval:def:9742", },
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742" "name": "RHSA-2009:0377",
}, "refsource": "REDHAT",
{ "url": "https://rhn.redhat.com/errata/RHSA-2009-0377.html"
"name" : "1021869", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1021869" "name": "http://www.ocert.org/advisories/ocert-2009-003.html",
}, "refsource": "MISC",
{ "url": "http://www.ocert.org/advisories/ocert-2009-003.html"
"name" : "34367", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34367" "name": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html",
}, "refsource": "MISC",
{ "url": "http://scarybeastsecurity.blogspot.com/2009/03/littlecms-vulnerabilities.html"
"name" : "34382", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34382" "name": "34782",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34782"
"name" : "34400", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34400" "name": "34367",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34367"
"name" : "34418", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34418" "name": "MDVSA-2009:162",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:162"
"name" : "34442", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34442" "name": "RHSA-2009:0339",
}, "refsource": "REDHAT",
{ "url": "http://www.redhat.com/support/errata/RHSA-2009-0339.html"
"name" : "34450", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34450" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=487512",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=487512"
"name" : "34454", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34454" "name": "ADV-2009-0775",
}, "refsource": "VUPEN",
{ "url": "http://www.vupen.com/english/advisories/2009/0775"
"name" : "34463", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34463" "name": "34463",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34463"
"name" : "34408", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34408" "name": "34408",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34408"
"name" : "34675", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34675" "name": "DSA-1769",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2009/dsa-1769"
"name" : "34632", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34632" "name": "34400",
}, "refsource": "SECUNIA",
{ "url": "http://secunia.com/advisories/34400"
"name" : "34782", },
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/34782" "name": "MDVSA-2009:121",
}, "refsource": "MANDRIVA",
{ "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:121"
"name" : "ADV-2009-0775", },
"refsource" : "VUPEN", {
"url" : "http://www.vupen.com/english/advisories/2009/0775" "name": "20090320 LittleCMS vulnerabilities (OpenJDK, Firefox, GIMP, etc. impacted)",
}, "refsource": "BUGTRAQ",
{ "url": "http://www.securityfocus.com/archive/1/502018/100/0/threaded"
"name" : "littlecms-readsetofcurves-bo(49330)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49330" "name": "FEDORA-2009-2910",
} "refsource": "FEDORA",
] "url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00799.html"
} },
} {
"name": "oval:org.mitre.oval:def:9742",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9742"
},
{
"name": "34185",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34185"
},
{
"name": "GLSA-200904-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200904-19.xml"
},
{
"name": "FEDORA-2009-2983",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00857.html"
}
]
}
}

140
2009/2xxx/CVE-2009-2045.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2009-2045", "ID": "CVE-2009-2045",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html" "lang": "eng",
}, "value": "The Cisco Video Surveillance Stream Manager firmware before 5.3, as used on Cisco Video Surveillance Services Platforms and Video Surveillance Integrated Services Platforms, allows remote attackers to cause a denial of service (reboot) via a malformed payload in a UDP packet to port 37000, related to the xvcrman process, aka Bug ID CSCsj47924."
{ }
"name" : "20090624 Vulnerabilities in Cisco Video Surveillance Products", ]
"refsource" : "CISCO", },
"url" : "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ad0f8f.shtml" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1022446", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id?1022446" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/products/products_applied_mitigation_bulletin09186a0080ad1002.html"
},
{
"name": "1022446",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1022446"
},
{
"name": "20090624 Vulnerabilities in Cisco Video Surveillance Products",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080ad0f8f.shtml"
}
]
}
}

150
2009/2xxx/CVE-2009-2064.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-2064", "ID": "CVE-2009-2064",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323", "description_data": [
"refsource" : "MISC", {
"url" : "http://research.microsoft.com/apps/pubs/default.aspx?id=79323" "lang": "eng",
}, "value": "Microsoft Internet Explorer 8, and possibly other versions, detects http content in https web pages only when the top-level frame uses https, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying an http page to include an https iframe that references a script file on an http site, related to \"HTTP-Intended-but-HTTPS-Loadable (HPIHSL) pages.\""
{ }
"name" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf", ]
"refsource" : "MISC", },
"url" : "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "35403", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/35403" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "ie-https-security-bypass(51186)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186" ]
} },
] "references": {
} "reference_data": [
} {
"name": "ie-https-security-bypass(51186)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51186"
},
{
"name": "35403",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35403"
},
{
"name": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf",
"refsource": "MISC",
"url": "http://research.microsoft.com/pubs/79323/pbp-final-with-update.pdf"
},
{
"name": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323",
"refsource": "MISC",
"url": "http://research.microsoft.com/apps/pubs/default.aspx?id=79323"
}
]
}
}

130
2009/3xxx/CVE-2009-3097.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3097", "ID": "CVE-2009-3097",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://intevydis.com/vd-list.shtml", "description_data": [
"refsource" : "MISC", {
"url" : "http://intevydis.com/vd-list.shtml" "lang": "eng",
}, "value": "Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on Windows allow attackers to obtain sensitive information via unknown vectors, as demonstrated by certain modules in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes."
{ }
"name" : "36520", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/36520" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36520",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36520"
},
{
"name": "http://intevydis.com/vd-list.shtml",
"refsource": "MISC",
"url": "http://intevydis.com/vd-list.shtml"
}
]
}
}

130
2009/3xxx/CVE-2009-3538.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3538", "ID": "CVE-2009-3538",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "55743", "description_data": [
"refsource" : "OSVDB", {
"url" : "http://www.osvdb.org/55743" "lang": "eng",
}, "value": "Directory traversal vulnerability in thumb.php in Clear Content 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
{ }
"name" : "35726", ]
"refsource" : "SECUNIA", },
"url" : "http://secunia.com/advisories/35726" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35726",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35726"
},
{
"name": "55743",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/55743"
}
]
}
}

150
2009/3xxx/CVE-2009-3673.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2009-3673", "ID": "CVE-2009-3673",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "MS09-072", "description_data": [
"refsource" : "MS", {
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072" "lang": "eng",
}, "value": "Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka \"Uninitialized Memory Corruption Vulnerability.\""
{ }
"name" : "TA09-342A", ]
"refsource" : "CERT", },
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-342A.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "oval:org.mitre.oval:def:6519", "description": [
"refsource" : "OVAL", {
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6519" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1023293", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id?1023293" ]
} },
] "references": {
} "reference_data": [
} {
"name": "oval:org.mitre.oval:def:6519",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6519"
},
{
"name": "MS09-072",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-072"
},
{
"name": "TA09-342A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-342A.html"
},
{
"name": "1023293",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023293"
}
]
}
}

150
2009/3xxx/CVE-2009-3911.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-3911", "ID": "CVE-2009-3911",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt", "description_data": [
"refsource" : "MISC", {
"url" : "http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the sample parameter."
{ }
"name" : "36898", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/36898" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "37156", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37156" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "tftgallery-sample-xss(54087)", ]
"refsource" : "XF", }
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54087" ]
} },
] "references": {
} "reference_data": [
} {
"name": "37156",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37156"
},
{
"name": "36898",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36898"
},
{
"name": "tftgallery-sample-xss(54087)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54087"
},
{
"name": "http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0911-exploits/tftgallery-traversal.txt"
}
]
}
}

170
2009/4xxx/CVE-2009-4531.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4531", "ID": "CVE-2009-4531",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://freetexthost.com/eiyfyt0km5", "description_data": [
"refsource" : "MISC", {
"url" : "http://freetexthost.com/eiyfyt0km5" "lang": "eng",
}, "value": "httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI."
{ }
"name" : "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html", "description": [
"refsource" : "MISC", {
"url" : "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "58857", ]
"refsource" : "OSVDB", }
"url" : "http://www.osvdb.org/58857" ]
}, },
{ "references": {
"name" : "37013", "reference_data": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/37013" "name": "http://freetexthost.com/eiyfyt0km5",
}, "refsource": "MISC",
{ "url": "http://freetexthost.com/eiyfyt0km5"
"name" : "httpdx-http-information-disclosure(53733)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733" "name": "58857",
} "refsource": "OSVDB",
] "url": "http://www.osvdb.org/58857"
} },
} {
"name": "httpdx-http-information-disclosure(53733)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53733"
},
{
"name": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt"
},
{
"name": "37013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37013"
},
{
"name": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html",
"refsource": "MISC",
"url": "http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html"
}
]
}
}

130
2009/4xxx/CVE-2009-4657.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4657", "ID": "CVE-2009-4657",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "9717", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/9717" "lang": "eng",
}, "value": "The administrator package for Xerver 4.32 does not require authentication, which allows remote attackers to alter application settings by connecting to the application on port 32123, as demonstrated by setting the action option to wizardStep1."
{ }
"name" : "36454", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/36454" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "9717",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/9717"
},
{
"name": "36454",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36454"
}
]
}
}

140
2009/4xxx/CVE-2009-4720.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4720", "ID": "CVE-2009-4720",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539452", "description_data": [
"refsource" : "MISC", {
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539452" "lang": "eng",
}, "value": "SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information."
{ }
"name" : "56675", ]
"refsource" : "OSVDB", },
"url" : "http://osvdb.org/56675" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "36115", "description": [
"refsource" : "SECUNIA", {
"url" : "http://secunia.com/advisories/36115" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "56675",
"refsource": "OSVDB",
"url": "http://osvdb.org/56675"
},
{
"name": "36115",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36115"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539452",
"refsource": "MISC",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=539452"
}
]
}
}

170
2009/4xxx/CVE-2009-4756.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4756", "ID": "CVE-2009-4756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "8588", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/8588" "lang": "eng",
}, "value": "Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file."
{ }
"name" : "8590", ]
"refsource" : "EXPLOIT-DB", },
"url" : "http://www.exploit-db.com/exploits/8590" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "8591", "description": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/8591" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "8592", ]
"refsource" : "EXPLOIT-DB", }
"url" : "http://www.exploit-db.com/exploits/8592" ]
}, },
{ "references": {
"name" : "34793", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/34793" "name": "8588",
}, "refsource": "EXPLOIT-DB",
{ "url": "http://www.exploit-db.com/exploits/8588"
"name" : "beatport-m3u-bo(50267)", },
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50267" "name": "34793",
} "refsource": "BID",
] "url": "http://www.securityfocus.com/bid/34793"
} },
} {
"name": "8592",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8592"
},
{
"name": "beatport-m3u-bo(50267)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50267"
},
{
"name": "8590",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8590"
},
{
"name": "8591",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/8591"
}
]
}
}

120
2009/4xxx/CVE-2009-4914.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2009-4914", "ID": "CVE-2009-4914",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html" "lang": "eng",
} "value": "Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to cause a denial of service (memory consumption) via Subject Alternative Name fields in an X.509 certificate, aka Bug ID CSCsq17879."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html",
"refsource": "CONFIRM",
"url": "http://www.cisco.com/en/US/docs/security/asa/asa81/release/notes/asarn812.html"
}
]
}
}

34
2012/2xxx/CVE-2012-2263.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2012-2263", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2012-2263",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2012. Notes: none."
} }
] ]
} }
} }

270
2015/0xxx/CVE-2015-0208.json
View File

@ -1,137 +1,137 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-0208", "ID": "CVE-2015-0208",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202369", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1202369" "lang": "eng",
}, "value": "The ASN.1 signature-verification implementation in the rsa_item_verify function in crypto/rsa/rsa_ameth.c in OpenSSL 1.0.2 before 1.0.2a allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted RSA PSS parameters to an endpoint that uses the certificate-verification feature."
{ }
"name" : "https://git.openssl.org/?p=openssl.git;a=commit;h=4b22cce3812052fe64fc3f6d58d8cc884e3cb834", ]
"refsource" : "CONFIRM", },
"url" : "https://git.openssl.org/?p=openssl.git;a=commit;h=4b22cce3812052fe64fc3f6d58d8cc884e3cb834" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://www.openssl.org/news/secadv_20150319.txt", "description": [
"refsource" : "CONFIRM", {
"url" : "https://www.openssl.org/news/secadv_20150319.txt" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html", ]
"refsource" : "CONFIRM", }
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html" ]
}, },
{ "references": {
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html" "name": "https://git.openssl.org/?p=openssl.git;a=commit;h=4b22cce3812052fe64fc3f6d58d8cc884e3cb834",
}, "refsource": "CONFIRM",
{ "url": "https://git.openssl.org/?p=openssl.git;a=commit;h=4b22cce3812052fe64fc3f6d58d8cc884e3cb834"
"name" : "https://bto.bluecoat.com/security-advisory/sa92", },
"refsource" : "CONFIRM", {
"url" : "https://bto.bluecoat.com/security-advisory/sa92" "name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110",
}, "refsource": "CONFIRM",
{ "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10110"
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html" "name": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html" "name": "HPSBMU03409",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110", },
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10110" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1202369",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1202369"
"name" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" "name": "https://bto.bluecoat.com/security-advisory/sa92",
}, "refsource": "CONFIRM",
{ "url": "https://bto.bluecoat.com/security-advisory/sa92"
"name" : "GLSA-201503-11", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201503-11" "name": "https://www.openssl.org/news/secadv_20150319.txt",
}, "refsource": "CONFIRM",
{ "url": "https://www.openssl.org/news/secadv_20150319.txt"
"name" : "HPSBMU03380", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=143748090628601&w=2" "name": "73230",
}, "refsource": "BID",
{ "url": "http://www.securityfocus.com/bid/73230"
"name" : "HPSBMU03397", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=144050297101809&w=2" "name": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html"
"name" : "HPSBMU03409", },
"refsource" : "HP", {
"url" : "http://marc.info/?l=bugtraq&m=144050155601375&w=2" "name": "HPSBMU03380",
}, "refsource": "HP",
{ "url": "http://marc.info/?l=bugtraq&m=143748090628601&w=2"
"name" : "73230", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/73230" "name": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"
"name" : "1031929", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031929" "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
} "refsource": "CONFIRM",
] "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
} },
} {
"name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html"
},
{
"name": "HPSBMU03397",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=144050297101809&w=2"
},
{
"name": "1031929",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031929"
},
{
"name": "GLSA-201503-11",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201503-11"
}
]
}
}

160
2015/0xxx/CVE-2015-0604.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@cisco.com",
"ID" : "CVE-2015-0604", "ID": "CVE-2015-0604",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37346", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://tools.cisco.com/security/center/viewAlert.x?alertId=37346" "lang": "eng",
}, "value": "The web framework on Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allows remote attackers to upload files to arbitrary locations on a phone's filesystem via crafted HTTP requests, aka Bug ID CSCup90424."
{ }
"name" : "20150203 Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability", ]
"refsource" : "CISCO", },
"url" : "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "72485", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72485" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "62761", ]
"refsource" : "SECUNIA", }
"url" : "http://secunia.com/advisories/62761" ]
}, },
{ "references": {
"name" : "cisco-unifiedipphone-cve20150604-file-upload(100620)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/100620" "name": "cisco-unifiedipphone-cve20150604-file-upload(100620)",
} "refsource": "XF",
] "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100620"
} },
} {
"name": "20150203 Cisco Unified IP Phone 9900 Series Arbitrary File Upload Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0604"
},
{
"name": "62761",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/62761"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37346",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37346"
},
{
"name": "72485",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72485"
}
]
}
}

200
2015/0xxx/CVE-2015-0821.json
View File

@ -1,102 +1,102 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "security@mozilla.org",
"ID" : "CVE-2015-0821", "ID": "CVE-2015-0821",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.mozilla.org/security/announce/2015/mfsa2015-25.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.mozilla.org/security/announce/2015/mfsa2015-25.html" "lang": "eng",
}, "value": "Mozilla Firefox before 36.0 allows user-assisted remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges via a crafted web site that is accessed with unspecified mouse and keyboard actions."
{ }
"name" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111960", ]
"refsource" : "CONFIRM", },
"url" : "https://bugzilla.mozilla.org/show_bug.cgi?id=1111960" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "description": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "GLSA-201504-01", ]
"refsource" : "GENTOO", }
"url" : "https://security.gentoo.org/glsa/201504-01" ]
}, },
{ "references": {
"name" : "openSUSE-SU-2015:0404", "reference_data": [
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html" "name": "http://www.mozilla.org/security/announce/2015/mfsa2015-25.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.mozilla.org/security/announce/2015/mfsa2015-25.html"
"name" : "openSUSE-SU-2015:0570", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html" "name": "GLSA-201504-01",
}, "refsource": "GENTOO",
{ "url": "https://security.gentoo.org/glsa/201504-01"
"name" : "USN-2505-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2505-1" "name": "openSUSE-SU-2015:0404",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html"
"name" : "72758", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/72758" "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"
"name" : "1031791", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1031791" "name": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111960",
} "refsource": "CONFIRM",
] "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1111960"
} },
} {
"name": "72758",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/72758"
},
{
"name": "1031791",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1031791"
},
{
"name": "openSUSE-SU-2015:0570",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html"
},
{
"name": "USN-2505-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2505-1"
}
]
}
}

130
2015/1xxx/CVE-2015-1393.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1393", "ID": "CVE-2015-1393",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "20150128 [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8", "description_data": [
"refsource" : "BUGTRAQ", {
"url" : "http://www.securityfocus.com/archive/1/534569/100/0/threaded" "lang": "eng",
}, "value": "SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the asc_or_desc parameter in a create gallery request in the galleries_bwg page to wp-admin/admin.php."
{ }
"name" : "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery", ]
"refsource" : "CONFIRM", },
"url" : "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20150128 [CVE-2015-1393] Photo Gallery (Wordpress Plugin) - SQL Injection in Version 1.2.8",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534569/100/0/threaded"
},
{
"name": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery",
"refsource": "CONFIRM",
"url": "https://plugins.trac.wordpress.org/changeset/1074134/photo-gallery"
}
]
}
}

160
2015/1xxx/CVE-2015-1424.json
View File

@ -1,82 +1,82 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1424", "ID": "CVE-2015-1424",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "35767", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "http://www.exploit-db.com/exploits/35767" "lang": "eng",
}, "value": "Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php."
{ }
"name" : "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html", ]
"refsource" : "MISC", },
"url" : "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php", "description": [
"refsource" : "MISC", {
"url" : "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "116966", ]
"refsource" : "OSVDB", }
"url" : "http://osvdb.org/show/osvdb/116966" ]
}, },
{ "references": {
"name" : "geckocms-newuser-csrf(99974)", "reference_data": [
"refsource" : "XF", {
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/99974" "name": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php",
} "refsource": "MISC",
] "url": "http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php"
} },
} {
"name": "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html"
},
{
"name": "35767",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/35767"
},
{
"name": "116966",
"refsource": "OSVDB",
"url": "http://osvdb.org/show/osvdb/116966"
},
{
"name": "geckocms-newuser-csrf(99974)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99974"
}
]
}
}

120
2015/1xxx/CVE-2015-1550.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1550", "ID": "CVE-2015-1550",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt" "lang": "eng",
} "value": "Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt",
"refsource": "CONFIRM",
"url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2015-006.txt"
}
]
}
}

140
2015/1xxx/CVE-2015-1906.json
View File

@ -1,72 +1,72 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "psirt@us.ibm.com",
"ID" : "CVE-2015-1906", "ID": "CVE-2015-1906",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700717", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21700717" "lang": "eng",
}, "value": "Cross-site scripting (XSS) vulnerability in the REST API in IBM Business Process Manager (BPM) 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0 through 8.5.0.1, 8.5.5 through 8.5.5.0, and 8.5.6 through 8.5.6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL."
{ }
"name" : "JR52772", ]
"refsource" : "AIXAPAR", },
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1033002", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033002" "lang": "eng",
} "value": "n/a"
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21700717",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21700717"
},
{
"name": "JR52772",
"refsource": "AIXAPAR",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg1JR52772"
},
{
"name": "1033002",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033002"
}
]
}
}

34
2015/1xxx/CVE-2015-1973.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2015-1973", "ID": "CVE-2015-1973",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

360
2015/5xxx/CVE-2015-5330.json
View File

@ -1,182 +1,182 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "secalert@redhat.com",
"ID" : "CVE-2015-5330", "ID": "CVE-2015-5330",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=1281326", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1281326" "lang": "eng",
}, "value": "ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before 4.3.3, mishandles string lengths, which allows remote attackers to obtain sensitive information from daemon heap memory by sending crafted packets and then reading (1) an error message or (2) a database value."
{ }
"name" : "https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd", ]
"refsource" : "CONFIRM", },
"url" : "https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f", "description": [
"refsource" : "CONFIRM", {
"url" : "https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72", ]
"refsource" : "CONFIRM", }
"url" : "https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72" ]
}, },
{ "references": {
"name" : "https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b", "reference_data": [
"refsource" : "CONFIRM", {
"url" : "https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b" "name": "https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15",
}, "refsource": "CONFIRM",
{ "url": "https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15"
"name" : "https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48", },
"refsource" : "CONFIRM", {
"url" : "https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48" "name": "https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48",
}, "refsource": "CONFIRM",
{ "url": "https://git.samba.org/?p=samba.git;a=commit;h=ba5dbda6d0174a59d221c45cca52ecd232820d48"
"name" : "https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15", },
"refsource" : "CONFIRM", {
"url" : "https://git.samba.org/?p=samba.git;a=commit;h=f36cb71c330a52106e36028b3029d952257baf15" "name": "openSUSE-SU-2016:1064",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html"
"name" : "https://www.samba.org/samba/security/CVE-2015-5330.html", },
"refsource" : "CONFIRM", {
"url" : "https://www.samba.org/samba/security/CVE-2015-5330.html" "name": "USN-2855-2",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2855-2"
"name" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", },
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html" "name": "https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b",
}, "refsource": "CONFIRM",
{ "url": "https://git.samba.org/?p=samba.git;a=commit;h=a118d4220ed85749c07fb43c1229d9e2fecbea6b"
"name" : "DSA-3433", },
"refsource" : "DEBIAN", {
"url" : "http://www.debian.org/security/2016/dsa-3433" "name": "SUSE-SU-2016:0032",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html"
"name" : "GLSA-201612-47", },
"refsource" : "GENTOO", {
"url" : "https://security.gentoo.org/glsa/201612-47" "name": "USN-2856-1",
}, "refsource": "UBUNTU",
{ "url": "http://www.ubuntu.com/usn/USN-2856-1"
"name" : "openSUSE-SU-2016:1064", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00042.html" "name": "SUSE-SU-2015:2304",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html"
"name" : "openSUSE-SU-2016:1106", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html" "name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
}, "refsource": "CONFIRM",
{ "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"
"name" : "openSUSE-SU-2016:1107", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html" "name": "SUSE-SU-2015:2305",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html"
"name" : "SUSE-SU-2015:2304", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00019.html" "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1281326",
}, "refsource": "CONFIRM",
{ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1281326"
"name" : "SUSE-SU-2015:2305", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00020.html" "name": "https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd",
}, "refsource": "CONFIRM",
{ "url": "https://git.samba.org/?p=samba.git;a=commit;h=0454b95657846fcecf0f51b6f1194faac02518bd"
"name" : "SUSE-SU-2016:0032", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00002.html" "name": "https://www.samba.org/samba/security/CVE-2015-5330.html",
}, "refsource": "CONFIRM",
{ "url": "https://www.samba.org/samba/security/CVE-2015-5330.html"
"name" : "openSUSE-SU-2015:2354", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html" "name": "SUSE-SU-2016:0164",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html"
"name" : "openSUSE-SU-2015:2356", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html" "name": "openSUSE-SU-2015:2354",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00032.html"
"name" : "SUSE-SU-2016:0164", },
"refsource" : "SUSE", {
"url" : "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00017.html" "name": "https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f",
}, "refsource": "CONFIRM",
{ "url": "https://git.samba.org/?p=samba.git;a=commit;h=538d305de91e34a2938f5f219f18bf0e1918763f"
"name" : "USN-2855-2", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2855-2" "name": "openSUSE-SU-2016:1106",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00047.html"
"name" : "USN-2855-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2855-1" "name": "1034493",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1034493"
"name" : "USN-2856-1", },
"refsource" : "UBUNTU", {
"url" : "http://www.ubuntu.com/usn/USN-2856-1" "name": "DSA-3433",
}, "refsource": "DEBIAN",
{ "url": "http://www.debian.org/security/2016/dsa-3433"
"name" : "79734", },
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/79734" "name": "openSUSE-SU-2016:1107",
}, "refsource": "SUSE",
{ "url": "http://lists.opensuse.org/opensuse-security-announce/2016-04/msg00048.html"
"name" : "1034493", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1034493" "name": "GLSA-201612-47",
} "refsource": "GENTOO",
] "url": "https://security.gentoo.org/glsa/201612-47"
} },
} {
"name": "79734",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79734"
},
{
"name": "USN-2855-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-2855-1"
},
{
"name": "openSUSE-SU-2015:2356",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00033.html"
},
{
"name": "https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72",
"refsource": "CONFIRM",
"url": "https://git.samba.org/?p=samba.git;a=commit;h=7f51ec8c4ed9ba1f53d722e44fb6fb3cde933b72"
}
]
}
}

150
2015/5xxx/CVE-2015-5769.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5769", "ID": "CVE-2015-5769",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/kb/HT205030", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/kb/HT205030" "lang": "eng",
}, "value": "The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to cause a denial of service (device crash) via a crafted video."
{ }
"name" : "APPLE-SA-2015-08-13-3", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "76337", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76337" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1033275", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1033275" ]
} },
] "references": {
} "reference_data": [
} {
"name": "https://support.apple.com/kb/HT205030",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT205030"
},
{
"name": "1033275",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033275"
},
{
"name": "76337",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76337"
},
{
"name": "APPLE-SA-2015-08-13-3",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html"
}
]
}
}

170
2015/5xxx/CVE-2015-5829.json
View File

@ -1,87 +1,87 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5829", "ID": "CVE-2015-5829",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205212", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205212" "lang": "eng",
}, "value": "Data Detectors Engine in Apple iOS before 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted text file."
{ }
"name" : "https://support.apple.com/HT205213", ]
"refsource" : "CONFIRM", },
"url" : "https://support.apple.com/HT205213" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "APPLE-SA-2015-09-16-1", "description": [
"refsource" : "APPLE", {
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "APPLE-SA-2015-09-21-1", ]
"refsource" : "APPLE", }
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html" ]
}, },
{ "references": {
"name" : "76764", "reference_data": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76764" "name": "1033609",
}, "refsource": "SECTRACK",
{ "url": "http://www.securitytracker.com/id/1033609"
"name" : "1033609", },
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1033609" "name": "https://support.apple.com/HT205212",
} "refsource": "CONFIRM",
] "url": "https://support.apple.com/HT205212"
} },
} {
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "APPLE-SA-2015-09-21-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00005.html"
},
{
"name": "https://support.apple.com/HT205213",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205213"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

150
2015/5xxx/CVE-2015-5835.json
View File

@ -1,77 +1,77 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "product-security@apple.com",
"ID" : "CVE-2015-5835", "ID": "CVE-2015-5835",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://support.apple.com/HT205212", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://support.apple.com/HT205212" "lang": "eng",
}, "value": "Apple iOS before 9 allows attackers to obtain sensitive information about inter-app communication via a crafted app that conducts an interception attack involving an unspecified URL scheme."
{ }
"name" : "APPLE-SA-2015-09-16-1", ]
"refsource" : "APPLE", },
"url" : "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "76764", "description": [
"refsource" : "BID", {
"url" : "http://www.securityfocus.com/bid/76764" "lang": "eng",
}, "value": "n/a"
{ }
"name" : "1033609", ]
"refsource" : "SECTRACK", }
"url" : "http://www.securitytracker.com/id/1033609" ]
} },
] "references": {
} "reference_data": [
} {
"name": "1033609",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1033609"
},
{
"name": "https://support.apple.com/HT205212",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT205212"
},
{
"name": "76764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76764"
},
{
"name": "APPLE-SA-2015-09-16-1",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html"
}
]
}
}

174
2018/3xxx/CVE-2018-3022.json
View File

@ -1,89 +1,89 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3022", "ID": "CVE-2018-3022",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Banking Payments", "product_name": "Banking Payments",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.2.0" "version_value": "12.2.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.3.0" "version_value": "12.3.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.4.0" "version_value": "12.4.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "12.5.0" "version_value": "12.5.0"
}, },
{ {
"version_affected" : "=", "version_affected": "=",
"version_value" : "14.1.0" "version_value": "14.1.0"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle Banking Payments component of Oracle Financial Services Applications (subcomponent: Payments Core). Supported versions that are affected are 12.2.0, 12.3.0, 12.4.0, 12.5.0 and 14.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments. CVSS 3.0 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)."
{ }
"name" : "104790", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104790" "problemtype": {
}, "problemtype_data": [
{ {
"name" : "1041307", "description": [
"refsource" : "SECTRACK", {
"url" : "http://www.securitytracker.com/id/1041307" "lang": "eng",
} "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Banking Payments. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Banking Payments."
] }
} ]
} }
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
},
{
"name": "104790",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104790"
},
{
"name": "1041307",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041307"
}
]
}
}

132
2018/3xxx/CVE-2018-3309.json
View File

@ -1,68 +1,68 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "secalert_us@oracle.com", "ASSIGNER": "secalert_us@oracle.com",
"ID" : "CVE-2018-3309", "ID": "CVE-2018-3309",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "VM VirtualBox", "product_name": "VM VirtualBox",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_affected" : "<", "version_affected": "<",
"version_value" : "5.2.22" "version_value": "5.2.22"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Oracle Corporation" "vendor_name": "Oracle Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "description_data": [
"refsource" : "CONFIRM", {
"url" : "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" "lang": "eng",
}, "value": "Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is prior to 5.2.22. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)."
{ }
"name" : "106572", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106572" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
},
{
"name": "106572",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106572"
}
]
}
}

34
2018/3xxx/CVE-2018-3358.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3358", "ID": "CVE-2018-3358",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/3xxx/CVE-2018-3424.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-3424", "ID": "CVE-2018-3424",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/3xxx/CVE-2018-3892.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"ID" : "CVE-2018-3892", "ID": "CVE-2018-3892",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Yi Technology", "product_name": "Yi Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Yi Technology Home Camera 27US 1.8.7.0D" "version_value": "Yi Technology Home Camera 27US 1.8.7.0D"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "unknown" "vendor_name": "unknown"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Stack-based Buffer Overflow"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0567", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0567" "lang": "eng",
} "value": "An exploitable firmware downgrade vulnerability exists in the time syncing functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted packet can cause a buffer overflow, resulting in code execution. An attacker can intercept and alter network traffic to trigger this vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Stack-based Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0567",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0567"
}
]
}
}

122
2018/3xxx/CVE-2018-3928.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "talos-cna@cisco.com", "ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC" : "2018-10-31T00:00:00", "DATE_PUBLIC": "2018-10-31T00:00:00",
"ID" : "CVE-2018-3928", "ID": "CVE-2018-3928",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Yi Technology", "product_name": "Yi Technology",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Yi Technology Home Camera 27US 1.8.7.0D" "version_value": "Yi Technology Home Camera 27US 1.8.7.0D"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Yi" "vendor_name": "Yi"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Reversible One-Way Hash"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0595", "description_data": [
"refsource" : "MISC", {
"url" : "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0595" "lang": "eng",
} "value": "An exploitable code execution vulnerability exists in the firmware update functionality of Yi Home Camera 27US 1.8.7.0D. A specially crafted set of UDP packets can cause a settings change, resulting in denial of service. An attacker can send a set of packets to trigger this vulnerability."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reversible One-Way Hash"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0595",
"refsource": "MISC",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0595"
}
]
}
}

122
2018/6xxx/CVE-2018-6261.json
View File

@ -1,63 +1,63 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@nvidia.com", "ASSIGNER": "psirt@nvidia.com",
"DATE_PUBLIC" : "2018-09-27T00:00:00", "DATE_PUBLIC": "2018-09-27T00:00:00",
"ID" : "CVE-2018-6261", "ID": "CVE-2018-6261",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "GeForce Experience", "product_name": "GeForce Experience",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "3.15" "version_value": "3.15"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Nvidia Corporation" "vendor_name": "Nvidia Corporation"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Code execution, denial of service, or escalation of privileges"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4725", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://nvidia.custhelp.com/app/answers/detail/a_id/4725" "lang": "eng",
} "value": "NVIDIA GeForce Experience prior to 3.15 contains a vulnerability when GameStream is enabled which sets incorrect permissions on a file, which may to code execution, denial of service, or escalation of privileges by users with system access."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code execution, denial of service, or escalation of privileges"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725",
"refsource": "CONFIRM",
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/4725"
}
]
}
}

190
2018/6xxx/CVE-2018-6674.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@mcafee.com", "ASSIGNER": "psirt@mcafee.com",
"DATE_PUBLIC" : "2018-05-09T17:00:00.000Z", "DATE_PUBLIC": "2018-05-09T17:00:00.000Z",
"ID" : "CVE-2018-6674", "ID": "CVE-2018-6674",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "SB10237 - VirusScan Enterprise (VSE) - Privilege Escalation vulnerability" "TITLE": "SB10237 - VirusScan Enterprise (VSE) - Privilege Escalation vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : " VirusScan Enterprise (VSE)", "product_name": " VirusScan Enterprise (VSE)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : "<", "affected": "<",
"platform" : "x86", "platform": "x86",
"version_name" : "8.8", "version_name": "8.8",
"version_value" : "8.8 Patch 11" "version_value": "8.8 Patch 11"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "McAfee" "vendor_name": "McAfee"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "PHYSICAL",
"availabilityImpact" : "HIGH",
"baseScore" : 6.8,
"baseSeverity" : "MEDIUM",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Privilege Escalation vulnerability"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10237", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10237" "lang": "eng",
}, "value": "Privilege Escalation vulnerability in Microsoft Windows client in McAfee VirusScan Enterprise (VSE) 8.8 allows local users to view configuration information in plain text format via the GUI or GUI terminal commands."
{ }
"name" : "104180", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104180" "impact": {
}, "cvss": {
{ "attackComplexity": "HIGH",
"name" : "1040893", "attackVector": "PHYSICAL",
"refsource" : "SECTRACK", "availabilityImpact": "HIGH",
"url" : "http://www.securitytracker.com/id/1040893" "baseScore": 6.8,
} "baseSeverity": "MEDIUM",
] "confidentialityImpact": "HIGH",
}, "integrityImpact": "HIGH",
"source" : { "privilegesRequired": "HIGH",
"advisory" : "SB10237", "scope": "CHANGED",
"discovery" : "EXTERNAL" "userInteraction": "REQUIRED",
} "vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
} "version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Privilege Escalation vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104180",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104180"
},
{
"name": "1040893",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040893"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10237",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10237"
}
]
},
"source": {
"advisory": "SB10237",
"discovery": "EXTERNAL"
}
}

190
2018/6xxx/CVE-2018-6677.json
View File

@ -1,97 +1,97 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "psirt@mcafee.com", "ASSIGNER": "psirt@mcafee.com",
"ID" : "CVE-2018-6677", "ID": "CVE-2018-6677",
"STATE" : "PUBLIC", "STATE": "PUBLIC",
"TITLE" : "McAfee Web Gateway (MWG) - Directory Traversal vulnerability" "TITLE": "McAfee Web Gateway (MWG) - Directory Traversal vulnerability"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "McAfee Web Gateway (MWG)", "product_name": "McAfee Web Gateway (MWG)",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"affected" : ">=", "affected": ">=",
"platform" : "x86", "platform": "x86",
"version_name" : "7.8.1", "version_name": "7.8.1",
"version_value" : "7.8.1" "version_value": "7.8.1"
}, },
{ {
"affected" : "!>", "affected": "!>",
"platform" : "x86", "platform": "x86",
"version_name" : "7.8.2", "version_name": "7.8.2",
"version_value" : "7.8.2" "version_value": "7.8.2"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "McAfee" "vendor_name": "McAfee"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
}
]
},
"impact" : {
"cvss" : {
"attackComplexity" : "HIGH",
"attackVector" : "NETWORK",
"availabilityImpact" : "HIGH",
"baseScore" : 7.6,
"baseSeverity" : "HIGH",
"confidentialityImpact" : "HIGH",
"integrityImpact" : "HIGH",
"privilegesRequired" : "HIGH",
"scope" : "CHANGED",
"userInteraction" : "REQUIRED",
"vectorString" : "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version" : "3.0"
}
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Directory Traversal vulnerability\n"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10245", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://kc.mcafee.com/corporate/index?page=content&id=SB10245" "lang": "eng",
}, "value": "Directory Traversal vulnerability in the administrative user interface in McAfee Web Gateway (MWG) MWG 7.8.1.x allows authenticated administrator users to gain elevated privileges via unspecified vectors."
{ }
"name" : "104893", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/104893" "impact": {
} "cvss": {
] "attackComplexity": "HIGH",
}, "attackVector": "NETWORK",
"source" : { "availabilityImpact": "HIGH",
"advisory" : "SB10245", "baseScore": 7.6,
"discovery" : "INTERNAL" "baseSeverity": "HIGH",
} "confidentialityImpact": "HIGH",
} "integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal vulnerability\n"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104893",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104893"
},
{
"name": "https://kc.mcafee.com/corporate/index?page=content&id=SB10245",
"refsource": "CONFIRM",
"url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10245"
}
]
},
"source": {
"advisory": "SB10245",
"discovery": "INTERNAL"
}
}

34
2018/6xxx/CVE-2018-6998.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "data_type": "CVE",
"ASSIGNER" : "cve@mitre.org", "data_format": "MITRE",
"ID" : "CVE-2018-6998", "data_version": "4.0",
"STATE" : "REJECT" "CVE_data_meta": {
}, "ID": "CVE-2018-6998",
"data_format" : "MITRE", "ASSIGNER": "cve@mitre.org",
"data_type" : "CVE", "STATE": "REJECT"
"data_version" : "4.0", },
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none." "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none."
} }
] ]
} }
} }

34
2018/7xxx/CVE-2018-7086.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7086", "ID": "CVE-2018-7086",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/7xxx/CVE-2018-7147.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7147", "ID": "CVE-2018-7147",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/7xxx/CVE-2018-7270.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7270", "ID": "CVE-2018-7270",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

34
2018/7xxx/CVE-2018-7571.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-7571", "ID": "CVE-2018-7571",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

226
2018/8xxx/CVE-2018-8564.json
View File

@ -1,115 +1,115 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8564", "ID": "CVE-2018-8564",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 for 32-bit Systems" "version_value": "Windows 10 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 for x64-based Systems" "version_value": "Windows 10 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for ARM64-based Systems" "version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for ARM64-based Systems" "version_value": "Windows 10 Version 1803 for ARM64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1809 for 32-bit Systems" "version_value": "Windows 10 Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1809 for ARM64-based Systems" "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1809 for x64-based Systems" "version_value": "Windows 10 Version 1809 for x64-based Systems"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
}, },
{ {
"version_value" : "Windows Server 2019" "version_value": "Windows Server 2019"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka \"Microsoft Edge Spoofing Vulnerability.\" This affects Microsoft Edge."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Spoofing"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8564", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8564" "lang": "eng",
}, "value": "A spoofing vulnerability exists when Microsoft Edge improperly handles specific HTML content, aka \"Microsoft Edge Spoofing Vulnerability.\" This affects Microsoft Edge."
{ }
"name" : "105785", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/105785" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Spoofing"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "105785",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105785"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8564",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8564"
}
]
}
}

234
2018/8xxx/CVE-2018-8624.json
View File

@ -1,119 +1,119 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "Secure@Microsoft.com", "ASSIGNER": "secure@microsoft.com",
"ID" : "CVE-2018-8624", "ID": "CVE-2018-8624",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "Microsoft Edge", "product_name": "Microsoft Edge",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "Windows 10 Version 1607 for 32-bit Systems" "version_value": "Windows 10 Version 1607 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1607 for x64-based Systems" "version_value": "Windows 10 Version 1607 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for 32-bit Systems" "version_value": "Windows 10 Version 1703 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1703 for x64-based Systems" "version_value": "Windows 10 Version 1703 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for 32-bit Systems" "version_value": "Windows 10 Version 1709 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for ARM64-based Systems" "version_value": "Windows 10 Version 1709 for ARM64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1709 for x64-based Systems" "version_value": "Windows 10 Version 1709 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for 32-bit Systems" "version_value": "Windows 10 Version 1803 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for ARM64-based Systems" "version_value": "Windows 10 Version 1803 for ARM64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1803 for x64-based Systems" "version_value": "Windows 10 Version 1803 for x64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1809 for 32-bit Systems" "version_value": "Windows 10 Version 1809 for 32-bit Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1809 for ARM64-based Systems" "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
}, },
{ {
"version_value" : "Windows 10 Version 1809 for x64-based Systems" "version_value": "Windows 10 Version 1809 for x64-based Systems"
}, },
{ {
"version_value" : "Windows Server 2016" "version_value": "Windows Server 2016"
}, },
{ {
"version_value" : "Windows Server 2019" "version_value": "Windows Server 2019"
} }
] ]
} }
}, },
{ {
"product_name" : "ChakraCore", "product_name": "ChakraCore",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "ChakraCore" "version_value": "ChakraCore"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "Microsoft" "vendor_name": "Microsoft"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Remote Code Execution"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8624", "description_data": [
"refsource" : "CONFIRM", {
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8624" "lang": "eng",
}, "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \"Chakra Scripting Engine Memory Corruption Vulnerability.\" This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8629."
{ }
"name" : "106114", ]
"refsource" : "BID", },
"url" : "http://www.securityfocus.com/bid/106114" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106114",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106114"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8624",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8624"
}
]
}
}

34
2018/8xxx/CVE-2018-8692.json
View File

@ -1,18 +1,18 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8692", "ID": "CVE-2018-8692",
"STATE" : "RESERVED" "STATE": "RESERVED"
}, },
"data_format" : "MITRE", "data_format": "MITRE",
"data_type" : "CVE", "data_type": "CVE",
"data_version" : "4.0", "data_version": "4.0",
"description" : { "description": {
"description_data" : [ "description_data": [
{ {
"lang" : "eng", "lang": "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
} }
] ]
} }
} }

120
2018/8xxx/CVE-2018-8719.json
View File

@ -1,62 +1,62 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8719", "ID": "CVE-2018-8719",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "44371", "description_data": [
"refsource" : "EXPLOIT-DB", {
"url" : "https://www.exploit-db.com/exploits/44371/" "lang": "eng",
} "value": "An issue was discovered in the WP Security Audit Log plugin 3.1.1 for WordPress. Access to wp-content/uploads/wp-security-audit-log/* files is not restricted. For example, these files are indexed by Google and allows for attackers to possibly find sensitive information."
] }
} ]
} },
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "44371",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44371/"
}
]
}
}

130
2018/8xxx/CVE-2018-8756.json
View File

@ -1,67 +1,67 @@
{ {
"CVE_data_meta" : { "CVE_data_meta": {
"ASSIGNER" : "cve@mitre.org", "ASSIGNER": "cve@mitre.org",
"ID" : "CVE-2018-8756", "ID": "CVE-2018-8756",
"STATE" : "PUBLIC" "STATE": "PUBLIC"
}, },
"affects" : { "affects": {
"vendor" : { "vendor": {
"vendor_data" : [ "vendor_data": [
{ {
"product" : { "product": {
"product_data" : [ "product_data": [
{ {
"product_name" : "n/a", "product_name": "n/a",
"version" : { "version": {
"version_data" : [ "version_data": [
{ {
"version_value" : "n/a" "version_value": "n/a"
} }
] ]
} }
} }
] ]
}, },
"vendor_name" : "n/a" "vendor_name": "n/a"
} }
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
] ]
} }
] },
}, "data_format": "MITRE",
"references" : { "data_type": "CVE",
"reference_data" : [ "data_version": "4.0",
{ "description": {
"name" : "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_chinese.pdf", "description_data": [
"refsource" : "MISC", {
"url" : "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_chinese.pdf" "lang": "eng",
}, "value": "Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 allows remote attackers to achieve arbitrary code execution via PHP code in the POST data of an index.php?m=member&c=member_content&a=init request."
{ }
"name" : "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_english.pdf", ]
"refsource" : "MISC", },
"url" : "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_english.pdf" "problemtype": {
} "problemtype_data": [
] {
} "description": [
} {
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_english.pdf",
"refsource": "MISC",
"url": "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_english.pdf"
},
{
"name": "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_chinese.pdf",
"refsource": "MISC",
"url": "https://github.com/guiciwushuang/yzmcms/blob/master/yzmcms_eval_injection_chinese.pdf"
}
]
}
}