admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2019-03-18 04:06:58 +00:00
parent d76626eff9
commit 99ade1d47d
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
53 changed files with 3884 additions and 3884 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
2002/0xxx/CVE-2002-0662.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0662",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0662",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020902 The ScrollKeeper Root Trap",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103098575826031&w=2"
},
{
"name" : "DSA-160",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2002/dsa-160"
},
{
"name" : "RHSA-2002:186",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2002-186.html"
},
{
"name" : "20020904 GLSA: scrollkeeper",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=103115387102294&w=2"
},
{
"name" : "scrollkeeper-tmp-file-symlink(10002)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10002.php"
},
{
"name" : "5602",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5602"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5602",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5602"
},
{
"name": "scrollkeeper-tmp-file-symlink(10002)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10002.php"
},
{
"name": "DSA-160",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-160"
},
{
"name": "20020904 GLSA: scrollkeeper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103115387102294&w=2"
},
{
"name": "RHSA-2002:186",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-186.html"
},
{
"name": "20020902 The ScrollKeeper Root Trap",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=103098575826031&w=2"
}
]
}
}

150
2002/0xxx/CVE-2002-0734.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0734",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0734",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020506 b2 php remote command execution",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html"
},
{
"name" : "http://cafelog.com/",
"refsource" : "CONFIRM",
"url" : "http://cafelog.com/"
},
{
"name" : "4673",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4673"
},
{
"name" : "b2-b2inc-command-execution(9013)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9013.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cafelog.com/",
"refsource": "CONFIRM",
"url": "http://cafelog.com/"
},
{
"name": "4673",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4673"
},
{
"name": "b2-b2inc-command-execution(9013)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9013.php"
},
{
"name": "20020506 b2 php remote command execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html"
}
]
}
}

150
2002/0xxx/CVE-2002-0938.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0938",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0938",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020614 XSS in CiscoSecure ACS v3.0",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html"
},
{
"name" : "20020621 Re: XSS in CiscoSecure ACS v3.0",
"refsource" : "BUGTRAQ",
"url" : "http://online.securityfocus.com/archive/1/278222"
},
{
"name" : "5026",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5026"
},
{
"name" : "ciscosecure-web-css(9353)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9353.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ciscosecure-web-css(9353)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9353.php"
},
{
"name": "20020614 XSS in CiscoSecure ACS v3.0",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html"
},
{
"name": "20020621 Re: XSS in CiscoSecure ACS v3.0",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/278222"
},
{
"name": "5026",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5026"
}
]
}
}

140
2002/0xxx/CVE-2002-0949.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-0949",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0949",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020605 Some vulnerabilities in the Telindus 11xx router series",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html"
},
{
"name" : "4946",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/4946"
},
{
"name" : "telindus-adsl-information-leak(9277)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/9277.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4946"
},
{
"name": "telindus-adsl-information-leak(9277)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9277.php"
},
{
"name": "20020605 Some vulnerabilities in the Telindus 11xx router series",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html"
}
]
}
}

140
2002/2xxx/CVE-2002-2204.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2204",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20020829 RPM verification",
"refsource" : "FULLDISC",
"url" : "http://lists.netsys.com/pipermail/full-disclosure/2002-August/001167.html"
},
{
"name" : "5594",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/5594"
},
{
"name" : "rpm-improper-sig-verification(10011)",
"refsource" : "XF",
"url" : "http://www.iss.net/security_center/static/10011.php"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "5594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5594"
},
{
"name": "rpm-improper-sig-verification(10011)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10011.php"
},
{
"name": "20020829 RPM verification",
"refsource": "FULLDISC",
"url": "http://lists.netsys.com/pipermail/full-disclosure/2002-August/001167.html"
}
]
}
}

220
2002/2xxx/CVE-2002-2211.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2002-2211",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-2211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html",
"refsource" : "MISC",
"url" : "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html"
},
{
"name" : "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf",
"refsource" : "MISC",
"url" : "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf"
},
{
"name" : "http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ"
},
{
"name" : "http://www.kb.cert.org/vuls/id/IAFY-5FDT4U",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/IAFY-5FDT4U"
},
{
"name" : "http://www.kb.cert.org/vuls/id/IAFY-5FDPYP",
"refsource" : "MISC",
"url" : "http://www.kb.cert.org/vuls/id/IAFY-5FDPYP"
},
{
"name" : "2002-11-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name" : "VU#457875",
"refsource" : "CERT-VN",
"url" : "http://www.kb.cert.org/vuls/id/457875"
},
{
"name" : "HPSBUX02117",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/434523/100/0/threaded"
},
{
"name" : "SSRT2400",
"refsource" : "HP",
"url" : "http://www.securityfocus.com/archive/1/434523/100/0/threaded"
},
{
"name" : "ADV-2006-1923",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2006/1923"
},
{
"name" : "20217",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/20217"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20217",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20217"
},
{
"name": "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf",
"refsource": "MISC",
"url": "http://www.imconf.net/imw-2002/imw2002-papers/198.pdf"
},
{
"name": "HPSBUX02117",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/434523/100/0/threaded"
},
{
"name": "http://www.kb.cert.org/vuls/id/IAFY-5FDPYP",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/IAFY-5FDPYP"
},
{
"name": "VU#457875",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/457875"
},
{
"name": "SSRT2400",
"refsource": "HP",
"url": "http://www.securityfocus.com/archive/1/434523/100/0/threaded"
},
{
"name": "ADV-2006-1923",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1923"
},
{
"name": "2002-11-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html"
},
{
"name": "http://www.kb.cert.org/vuls/id/IAFY-5FDT4U",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/IAFY-5FDT4U"
},
{
"name": "http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ",
"refsource": "MISC",
"url": "http://www.kb.cert.org/vuls/id/IAFY-5FZSLQ"
},
{
"name": "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html",
"refsource": "MISC",
"url": "http://www.rnp.br/cais/alertas/2002/cais-ALR-19112002a.html"
}
]
}
}

150
2005/0xxx/CVE-2005-0340.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0340",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0340",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050208 AppleFileServer Denial of Service.",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=110791369419784&w=2"
},
{
"name" : "APPLE-SA-2005-03-21",
"refsource" : "APPLE",
"url" : "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
},
{
"name" : "12478",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/12478"
},
{
"name" : "Applefileserver-fploginext-dos(19263)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/19263"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050208 AppleFileServer Denial of Service.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=110791369419784&w=2"
},
{
"name": "12478",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12478"
},
{
"name": "APPLE-SA-2005-03-21",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html"
},
{
"name": "Applefileserver-fploginext-dos(19263)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19263"
}
]
}
}

190
2005/0xxx/CVE-2005-0373.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0373",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0373",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup"
},
{
"name" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171"
},
{
"name" : "[openbsd-ports] 20040717 UPDATE: cyrus-sasl-2.1.19",
"refsource" : "MLIST",
"url" : "http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html"
},
{
"name" : "GLSA-200410-05",
"refsource" : "GENTOO",
"url" : "http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml"
},
{
"name" : "MDKSA-2005:054",
"refsource" : "MANDRAKE",
"url" : "http://www.mandriva.com/security/advisories?name=MDKSA-2005:054"
},
{
"name" : "SUSE-SR:2005:006",
"refsource" : "SUSE",
"url" : "http://www.linuxcompatible.org/print42495.html"
},
{
"name" : "11347",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/11347"
},
{
"name" : "cyrus-sasl-digestmda5-bo(17642)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/17642"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2005:006",
"refsource": "SUSE",
"url": "http://www.linuxcompatible.org/print42495.html"
},
{
"name": "MDKSA-2005:054",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:054"
},
{
"name": "[openbsd-ports] 20040717 UPDATE: cyrus-sasl-2.1.19",
"refsource": "MLIST",
"url": "http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html"
},
{
"name": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup",
"refsource": "CONFIRM",
"url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup"
},
{
"name": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171",
"refsource": "CONFIRM",
"url": "https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171"
},
{
"name": "11347",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11347"
},
{
"name": "GLSA-200410-05",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml"
},
{
"name": "cyrus-sasl-digestmda5-bo(17642)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17642"
}
]
}
}

130
2005/0xxx/CVE-2005-0649.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0649",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via \"hexadecimal HTML entities.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0649",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://pixel-apes.com/safehtml/feed",
"refsource" : "CONFIRM",
"url" : "http://pixel-apes.com/safehtml/feed"
},
{
"name" : "13869",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/13869"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via \"hexadecimal HTML entities.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "13869",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13869"
},
{
"name": "http://pixel-apes.com/safehtml/feed",
"refsource": "CONFIRM",
"url": "http://pixel-apes.com/safehtml/feed"
}
]
}
}

180
2005/0xxx/CVE-2005-0817.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-0817",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0817",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20040615 Symantec Enterprise Firewall DNSD cache poisoning Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://archives.neohapsis.com/archives/bugtraq/2004-06/0225.html"
},
{
"name" : "http://www.isc.sans.org/diary.php?date=2005-03-04",
"refsource" : "MISC",
"url" : "http://www.isc.sans.org/diary.php?date=2005-03-04"
},
{
"name" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html",
"refsource" : "CONFIRM",
"url" : "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html"
},
{
"name" : "1013451",
"refsource" : "SECTRACK",
"url" : "http://securitytracker.com/id?1013451"
},
{
"name" : "14595",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/14595"
},
{
"name" : "sef-dns-spoofing(16423)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/16423"
},
{
"name" : "symantec-dnsdproxy-redirect(44530)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/44530"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "sef-dns-spoofing(16423)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16423"
},
{
"name": "http://www.isc.sans.org/diary.php?date=2005-03-04",
"refsource": "MISC",
"url": "http://www.isc.sans.org/diary.php?date=2005-03-04"
},
{
"name": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html",
"refsource": "CONFIRM",
"url": "http://securityresponse.symantec.com/avcenter/security/Content/2005.03.15.html"
},
{
"name": "symantec-dnsdproxy-redirect(44530)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44530"
},
{
"name": "1013451",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013451"
},
{
"name": "20040615 Symantec Enterprise Firewall DNSD cache poisoning Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0225.html"
},
{
"name": "14595",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/14595"
}
]
}
}

120
2005/1xxx/CVE-2005-1400.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1400",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1400",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "FreeBSD-SA-05:07",
"refsource" : "FREEBSD",
"url" : "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-05:07",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:07.ldt.asc"
}
]
}
}

150
2005/1xxx/CVE-2005-1453.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1453",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1453",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt",
"refsource" : "CONFIRM",
"url" : "http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt"
},
{
"name" : "20050504 leafnode security announcement leafnode-SA-2005-01",
"refsource" : "VULNWATCH",
"url" : "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0037.html"
},
{
"name" : "ADV-2005-0468",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0468"
},
{
"name" : "15252",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15252"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt",
"refsource": "CONFIRM",
"url": "http://leafnode.sourceforge.net/leafnode-SA-2005-01.txt"
},
{
"name": "ADV-2005-0468",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0468"
},
{
"name": "20050504 leafnode security announcement leafnode-SA-2005-01",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2005-q2/0037.html"
},
{
"name": "15252",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15252"
}
]
}
}

170
2005/1xxx/CVE-2005-1708.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2005-1708",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1708",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20050524 Blue Coat Reporter multiple remote vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://marc.info/?l=bugtraq&m=111695726810435&w=2"
},
{
"name" : "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html",
"refsource" : "CONFIRM",
"url" : "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name" : "13723",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/13723"
},
{
"name" : "ADV-2005-0589",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2005/0589"
},
{
"name" : "16763",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/16763"
},
{
"name" : "15452",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/15452"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "templates.admin.users.user_form_processing in Blue Coat Reporter before 7.1.2 allows authenticated users to gain administrator privileges via an HTTP POST that sets volatile.user.administrator to true."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15452",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15452"
},
{
"name": "20050524 Blue Coat Reporter multiple remote vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=111695726810435&w=2"
},
{
"name": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html",
"refsource": "CONFIRM",
"url": "http://www.bluecoat.com/support/knowledge/advisory_reporter_711_vulnerabilities.html"
},
{
"name": "16763",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16763"
},
{
"name": "13723",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13723"
},
{
"name": "ADV-2005-0589",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/0589"
}
]
}
}

180
2009/0xxx/CVE-2009-0039.json
View File

@ -1,92 +1,92 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0039",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20090416 [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/502735/100/0/threaded"
},
{
"name" : "http://dsecrg.com/pages/vul/show.php?id=120",
"refsource" : "MISC",
"url" : "http://dsecrg.com/pages/vul/show.php?id=120"
},
{
"name" : "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214",
"refsource" : "CONFIRM",
"url" : "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214"
},
{
"name" : "http://issues.apache.org/jira/browse/GERONIMO-4597",
"refsource" : "CONFIRM",
"url" : "http://issues.apache.org/jira/browse/GERONIMO-4597"
},
{
"name" : "34562",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34562"
},
{
"name" : "34715",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34715"
},
{
"name" : "ADV-2009-1089",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1089"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Apache Geronimo Application Server 2.1 through 2.1.3 allow remote attackers to hijack the authentication of administrators for requests that (1) change the web administration password, (2) upload applications, and perform unspecified other administrative actions, as demonstrated by (3) a Shutdown request to console/portal//Server/Shutdown."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214",
"refsource": "CONFIRM",
"url": "http://geronimo.apache.org/21x-security-report.html#2.1.xSecurityReport-214"
},
{
"name": "ADV-2009-1089",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1089"
},
{
"name": "34562",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34562"
},
{
"name": "http://issues.apache.org/jira/browse/GERONIMO-4597",
"refsource": "CONFIRM",
"url": "http://issues.apache.org/jira/browse/GERONIMO-4597"
},
{
"name": "34715",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34715"
},
{
"name": "20090416 [DSECRG-09-020] Apache Geronimo - XSRF vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/502735/100/0/threaded"
},
{
"name": "http://dsecrg.com/pages/vul/show.php?id=120",
"refsource": "MISC",
"url": "http://dsecrg.com/pages/vul/show.php?id=120"
}
]
}
}

170
2009/0xxx/CVE-2009-0052.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0052",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20091110 Atheros Driver Reserved Frame Vulnerability",
"refsource" : "BUGTRAQ",
"url" : "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
},
{
"name" : "36991",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36991"
},
{
"name" : "59880",
"refsource" : "OSVDB",
"url" : "http://www.osvdb.org/59880"
},
{
"name" : "37344",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37344"
},
{
"name" : "ADV-2009-3212",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/3212"
},
{
"name" : "netgear-wndap330-frame-dos(54216)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access point with firmware 2.1.11 and other versions before 3.0.3 on the Atheros AR9160-BC1A chipset, and other products, allows remote authenticated users to cause a denial of service (device reboot or hang) and possibly execute arbitrary code via a truncated reserved management frame."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36991",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36991"
},
{
"name": "20091110 Atheros Driver Reserved Frame Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/507777/100/0/threaded"
},
{
"name": "ADV-2009-3212",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/3212"
},
{
"name": "37344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37344"
},
{
"name": "59880",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/59880"
},
{
"name": "netgear-wndap330-frame-dos(54216)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54216"
}
]
}
}

150
2009/0xxx/CVE-2009-0406.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0406",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "7892",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/7892"
},
{
"name" : "33484",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/33484"
},
{
"name" : "ADV-2009-0265",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0265"
},
{
"name" : "communitycms-index-sql-injection(48304)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48304"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in index.php in Community CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "7892",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7892"
},
{
"name": "33484",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33484"
},
{
"name": "communitycms-index-sql-injection(48304)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48304"
},
{
"name": "ADV-2009-0265",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0265"
}
]
}
}

190
2009/0xxx/CVE-2009-0784.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-0784",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-0784",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm",
"refsource" : "CONFIRM",
"url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm"
},
{
"name" : "DSA-1755",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1755"
},
{
"name" : "RHSA-2009:0373",
"refsource" : "REDHAT",
"url" : "http://www.redhat.com/support/errata/RHSA-2009-0373.html"
},
{
"name" : "oval:org.mitre.oval:def:11613",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613"
},
{
"name" : "34441",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34441"
},
{
"name" : "34479",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34479"
},
{
"name" : "34548",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34548"
},
{
"name" : "ADV-2009-0907",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/0907"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in the SystemTap stap tool 0.0.20080705 and 0.0.20090314 allows local users in the stapusr group to insert arbitrary SystemTap kernel modules and gain privileges via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-1755",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1755"
},
{
"name": "34479",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34479"
},
{
"name": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm",
"refsource": "CONFIRM",
"url": "http://support.avaya.com/elmodocs2/security/ASA-2009-110.htm"
},
{
"name": "oval:org.mitre.oval:def:11613",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11613"
},
{
"name": "RHSA-2009:0373",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2009-0373.html"
},
{
"name": "34548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34548"
},
{
"name": "ADV-2009-0907",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0907"
},
{
"name": "34441",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34441"
}
]
}
}

34
2009/1xxx/CVE-2009-1199.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1199",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1199",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

170
2009/1xxx/CVE-2009-1390.json
View File

@ -1,87 +1,87 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1390",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2009-1390",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/06/10/2"
},
{
"name" : "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a",
"refsource" : "CONFIRM",
"url" : "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a"
},
{
"name" : "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770",
"refsource" : "CONFIRM",
"url" : "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770"
},
{
"name" : "FEDORA-2009-6465",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html"
},
{
"name" : "35288",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35288"
},
{
"name" : "mutt-x509-security-bypass(51068)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trusted servers via a man-in-the-middle attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35288",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35288"
},
{
"name": "FEDORA-2009-6465",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00715.html"
},
{
"name": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a",
"refsource": "CONFIRM",
"url": "http://dev.mutt.org/hg/mutt/rev/64bf199c8d8a"
},
{
"name": "mutt-x509-security-bypass(51068)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51068"
},
{
"name": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770",
"refsource": "CONFIRM",
"url": "http://dev.mutt.org/hg/mutt/rev/8f11dd00c770"
},
{
"name": "[oss-security] 20090610 Mutt 1.5.19 SSL chain verification flaw",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/06/10/2"
}
]
}
}

140
2009/1xxx/CVE-2009-1544.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1544",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka \"Workstation Service Memory Corruption Vulnerability.\""
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2009-1544",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "MS09-041",
"refsource" : "MS",
"url" : "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-041"
},
{
"name" : "TA09-223A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
},
{
"name" : "oval:org.mitre.oval:def:6286",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6286"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka \"Workstation Service Memory Corruption Vulnerability.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "TA09-223A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-223A.html"
},
{
"name": "MS09-041",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-041"
},
{
"name": "oval:org.mitre.oval:def:6286",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6286"
}
]
}
}

190
2009/1xxx/CVE-2009-1573.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1573",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1573",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/05/05/2"
},
{
"name" : "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/05/05/4"
},
{
"name" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678",
"refsource" : "CONFIRM",
"url" : "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678"
},
{
"name" : "USN-939-1",
"refsource" : "UBUNTU",
"url" : "http://www.ubuntu.com/usn/USN-939-1"
},
{
"name" : "34828",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34828"
},
{
"name" : "39834",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/39834"
},
{
"name" : "ADV-2010-1185",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2010/1185"
},
{
"name" : "xvfbrun-magiccookie-info-disclosure(50348)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly other operating systems place the magic cookie (MCOOKIE) on the command line, which allows local users to gain privileges by listing the process and its arguments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20090505 CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/05/2"
},
{
"name": "[oss-security] 20090505 Re: CVE id request: Debian/Ubuntu specific issue in xvfb-run (xorg)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/05/4"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=526678"
},
{
"name": "39834",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39834"
},
{
"name": "34828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34828"
},
{
"name": "xvfbrun-magiccookie-info-disclosure(50348)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50348"
},
{
"name": "ADV-2010-1185",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/1185"
},
{
"name": "USN-939-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/USN-939-1"
}
]
}
}

250
2009/1xxx/CVE-2009-1759.json
View File

@ -1,127 +1,127 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1759",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1759",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8470",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8470"
},
{
"name" : "[oss-security] 20090520 CVE request: ctorrent",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2009/05/20/3"
},
{
"name" : "http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch",
"refsource" : "CONFIRM",
"url" : "http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch"
},
{
"name" : "http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959",
"refsource" : "CONFIRM",
"url" : "http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959"
},
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=501813",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=501813"
},
{
"name" : "DSA-1817",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2009/dsa-1817"
},
{
"name" : "FEDORA-2009-8897",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01010.html"
},
{
"name" : "FEDORA-2009-8969",
"refsource" : "FEDORA",
"url" : "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01102.html"
},
{
"name" : "34584",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/34584"
},
{
"name" : "34752",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/34752"
},
{
"name" : "35499",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/35499"
},
{
"name" : "36471",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/36471"
},
{
"name" : "ADV-2009-1092",
"refsource" : "VUPEN",
"url" : "http://www.vupen.com/english/advisories/2009/1092"
},
{
"name" : "ctorrent-btfiles-bo(49959)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/49959"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2009-8969",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01102.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=501813",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=501813"
},
{
"name": "ADV-2009-1092",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/1092"
},
{
"name": "http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch",
"refsource": "CONFIRM",
"url": "http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch"
},
{
"name": "8470",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8470"
},
{
"name": "ctorrent-btfiles-bo(49959)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49959"
},
{
"name": "34752",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/34752"
},
{
"name": "[oss-security] 20090520 CVE request: ctorrent",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/05/20/3"
},
{
"name": "34584",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34584"
},
{
"name": "DSA-1817",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1817"
},
{
"name": "FEDORA-2009-8897",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01010.html"
},
{
"name": "36471",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/36471"
},
{
"name": "35499",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35499"
},
{
"name": "http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959"
}
]
}
}

130
2009/1xxx/CVE-2009-1848.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1848",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1848",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "8814",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/8814"
},
{
"name" : "35118",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/35118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or com_agoragroup) component 0.3.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a groupdetail action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35118",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35118"
},
{
"name": "8814",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/8814"
}
]
}
}

160
2009/1xxx/CVE-2009-1994.json
View File

@ -1,82 +1,82 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2009-1994",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2009-1994",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
},
{
"name" : "TA09-294A",
"refsource" : "CERT",
"url" : "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name" : "36744",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/36744"
},
{
"name" : "1023057",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1023057"
},
{
"name" : "37027",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/37027"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_CMT_CBK."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36744",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/36744"
},
{
"name": "37027",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/37027"
},
{
"name": "1023057",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023057"
},
{
"name": "TA09-294A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA09-294A.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2009-096303.html"
}
]
}
}

140
2012/2xxx/CVE-2012-2017.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2017",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-2017",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBPI02794",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02931414"
},
{
"name" : "SSRT100542",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02931414"
},
{
"name" : "1027213",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027213"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510, Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410 printers allows remote attackers to cause a denial of service via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBPI02794",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02931414"
},
{
"name": "SSRT100542",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02931414"
},
{
"name": "1027213",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027213"
}
]
}
}

140
2012/2xxx/CVE-2012-2049.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2049",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "psirt@adobe.com",
"ID": "CVE-2012-2049",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource" : "CONFIRM",
"url" : "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name" : "GLSA-201308-03",
"refsource" : "GENTOO",
"url" : "http://security.gentoo.org/glsa/glsa-201308-03.xml"
},
{
"name" : "oval:org.mitre.oval:def:15463",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15463"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oval:org.mitre.oval:def:15463",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15463"
},
{
"name": "http://www.adobe.com/support/security/bulletins/apsb12-16.html",
"refsource": "CONFIRM",
"url": "http://www.adobe.com/support/security/bulletins/apsb12-16.html"
},
{
"name": "GLSA-201308-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-201308-03.xml"
}
]
}
}

260
2012/2xxx/CVE-2012-2625.json
View File

@ -1,132 +1,132 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-2625",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-2625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/10/26/3"
},
{
"name" : "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817",
"refsource" : "MISC",
"url" : "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817"
},
{
"name" : "http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe",
"refsource" : "CONFIRM",
"url" : "http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe"
},
{
"name" : "RHSA-2012:1130",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1130.html"
},
{
"name" : "openSUSE-SU-2012:1172",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html"
},
{
"name" : "openSUSE-SU-2012:1174",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html"
},
{
"name" : "SUSE-SU-2012:1043",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html"
},
{
"name" : "SUSE-SU-2012:1044",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html"
},
{
"name" : "SUSE-SU-2012:1135",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html"
},
{
"name" : "openSUSE-SU-2012:1572",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name" : "openSUSE-SU-2012:1573",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name" : "53650",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/53650"
},
{
"name" : "1027090",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027090"
},
{
"name" : "49184",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/49184"
},
{
"name" : "51413",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51413"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PyGrub boot loader in Xen unstable before changeset 25589:60f09d1ab1fe, 4.2.x, and 4.1.x allows local para-virtualized guest users to cause a denial of service (memory consumption) via a large (1) bzip2 or (2) lzma compressed kernel image."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20121026 Xen Security Advisory 25 (CVE-2012-4544) - Xen domain builder Out-of-memory due to malicious kernel/ramdisk",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/10/26/3"
},
{
"name": "RHSA-2012:1130",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1130.html"
},
{
"name": "51413",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51413"
},
{
"name": "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817",
"refsource": "MISC",
"url": "http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817"
},
{
"name": "SUSE-SU-2012:1135",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html"
},
{
"name": "SUSE-SU-2012:1044",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00025.html"
},
{
"name": "53650",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/53650"
},
{
"name": "openSUSE-SU-2012:1572",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html"
},
{
"name": "1027090",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027090"
},
{
"name": "SUSE-SU-2012:1043",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00024.html"
},
{
"name": "openSUSE-SU-2012:1174",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html"
},
{
"name": "http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe",
"refsource": "CONFIRM",
"url": "http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe"
},
{
"name": "openSUSE-SU-2012:1573",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html"
},
{
"name": "49184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/49184"
},
{
"name": "openSUSE-SU-2012:1172",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html"
}
]
}
}

430
2012/3xxx/CVE-2012-3143.json
View File

@ -1,217 +1,217 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3143",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3143",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource" : "CONFIRM",
"url" : "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620037"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"name" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html",
"refsource" : "CONFIRM",
"url" : "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html"
},
{
"name" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620575",
"refsource" : "CONFIRM",
"url" : "http://www-01.ibm.com/support/docview.wss?uid=swg21620575"
},
{
"name" : "HPSBUX02832",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2"
},
{
"name" : "SSRT101042",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=135542848327757&w=2"
},
{
"name" : "HPSBOV02833",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2"
},
{
"name" : "SSRT101043",
"refsource" : "HP",
"url" : "http://marc.info/?l=bugtraq&m=135758563611658&w=2"
},
{
"name" : "RHSA-2012:1391",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
},
{
"name" : "RHSA-2012:1392",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1392.html"
},
{
"name" : "RHSA-2012:1465",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"name" : "RHSA-2012:1466",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"name" : "RHSA-2012:1467",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name" : "RHSA-2013:1455",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name" : "RHSA-2013:1456",
"refsource" : "REDHAT",
"url" : "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name" : "SUSE-SU-2012:1398",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
},
{
"name" : "SUSE-SU-2012:1595",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html"
},
{
"name" : "SUSE-SU-2012:1489",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html"
},
{
"name" : "56055",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56055"
},
{
"name" : "oval:org.mitre.oval:def:16686",
"refsource" : "OVAL",
"url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16686"
},
{
"name" : "51141",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51141"
},
{
"name" : "51315",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51315"
},
{
"name" : "51326",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51326"
},
{
"name" : "51327",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51327"
},
{
"name" : "51328",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51328"
},
{
"name" : "51390",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51390"
},
{
"name" : "51438",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51438"
},
{
"name" : "javaruntimeenvironment-jmx-cve20123143(79419)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/79419"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SU-2012:1398",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00016.html"
},
{
"name": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html",
"refsource": "CONFIRM",
"url": "http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-023/index.html"
},
{
"name": "RHSA-2012:1466",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1466.html"
},
{
"name": "51315",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51315"
},
{
"name": "51438",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51438"
},
{
"name": "51141",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51141"
},
{
"name": "SSRT101043",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21621154"
},
{
"name": "56055",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56055"
},
{
"name": "RHSA-2013:1455",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1455.html"
},
{
"name": "RHSA-2012:1391",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1391.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620037"
},
{
"name": "HPSBOV02833",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=135758563611658&w=2"
},
{
"name": "oval:org.mitre.oval:def:16686",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16686"
},
{
"name": "51390",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51390"
},
{
"name": "RHSA-2012:1392",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1392.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21631786"
},
{
"name": "SUSE-SU-2012:1489",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00010.html"
},
{
"name": "SUSE-SU-2012:1595",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00022.html"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21616490"
},
{
"name": "51327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51327"
},
{
"name": "RHSA-2012:1467",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1467.html"
},
{
"name": "RHSA-2012:1465",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2012-1465.html"
},
{
"name": "51328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51328"
},
{
"name": "http://www-01.ibm.com/support/docview.wss?uid=swg21620575",
"refsource": "CONFIRM",
"url": "http://www-01.ibm.com/support/docview.wss?uid=swg21620575"
},
{
"name": "SSRT101042",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2"
},
{
"name": "RHSA-2013:1456",
"refsource": "REDHAT",
"url": "http://rhn.redhat.com/errata/RHSA-2013-1456.html"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2012-1515924.html"
},
{
"name": "51326",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51326"
},
{
"name": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"refsource": "CONFIRM",
"url": "http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf"
},
{
"name": "javaruntimeenvironment-jmx-cve20123143(79419)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/79419"
},
{
"name": "HPSBUX02832",
"refsource": "HP",
"url": "http://marc.info/?l=bugtraq&m=135542848327757&w=2"
}
]
}
}

150
2012/3xxx/CVE-2012-3198.json
View File

@ -1,77 +1,77 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3198",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Query."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2012-3198",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource" : "CONFIRM",
"url" : "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name" : "MDVSA-2013:150",
"refsource" : "MANDRIVA",
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
},
{
"name" : "1027671",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027671"
},
{
"name" : "51001",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/51001"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Query."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/51001"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html"
},
{
"name": "1027671",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027671"
},
{
"name": "MDVSA-2013:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
}
]
}
}

140
2012/3xxx/CVE-2012-3255.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3255",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"ID": "CVE-2012-3255",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBMU02811",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750"
},
{
"name" : "SSRT100937",
"refsource" : "HP",
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750"
},
{
"name" : "85250",
"refsource" : "OSVDB",
"url" : "http://osvdb.org/85250"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in HP Business Availability Center (BAC) 8.07 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SSRT100937",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750"
},
{
"name": "HPSBMU02811",
"refsource": "HP",
"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03475750"
},
{
"name": "85250",
"refsource": "OSVDB",
"url": "http://osvdb.org/85250"
}
]
}
}

190
2012/3xxx/CVE-2012-3441.json
View File

@ -1,97 +1,97 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-3441",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-3441",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[oss-security] 20120730 CVE Request: icinga sample db creation scripts",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/07/30/6"
},
{
"name" : "[oss-security] 20120730 Re: CVE Request: icinga sample db creation scripts",
"refsource" : "MLIST",
"url" : "http://www.openwall.com/lists/oss-security/2012/07/30/7"
},
{
"name" : "https://bugzilla.novell.com/show_bug.cgi?id=767319",
"refsource" : "MISC",
"url" : "https://bugzilla.novell.com/show_bug.cgi?id=767319"
},
{
"name" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63",
"refsource" : "CONFIRM",
"url" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63"
},
{
"name" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281",
"refsource" : "CONFIRM",
"url" : "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281"
},
{
"name" : "https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab",
"refsource" : "CONFIRM",
"url" : "https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab"
},
{
"name" : "openSUSE-SU-2012:0968",
"refsource" : "SUSE",
"url" : "http://lists.opensuse.org/opensuse-updates/2012-08/msg00012.html"
},
{
"name" : "icinga-database-sec-bypass(78874)",
"refsource" : "XF",
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/78874"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The database creation script (module/idoutils/db/scripts/create_mysqldb.sh) in Icinga 1.7.1 grants access to all databases to the icinga user, which allows icinga users to access other databases via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[oss-security] 20120730 Re: CVE Request: icinga sample db creation scripts",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/30/7"
},
{
"name": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281",
"refsource": "CONFIRM",
"url": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=dcd45fb6931c4abf710829bee21af09f842bc281"
},
{
"name": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63",
"refsource": "CONFIRM",
"url": "https://git.icinga.org/?p=icinga-core.git;a=commitdiff;h=712813d3118a5b9e5a496179cab81dbe91f69d63"
},
{
"name": "[oss-security] 20120730 CVE Request: icinga sample db creation scripts",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2012/07/30/6"
},
{
"name": "icinga-database-sec-bypass(78874)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/78874"
},
{
"name": "https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab",
"refsource": "CONFIRM",
"url": "https://git.icinga.org/?p=icinga-doc.git;a=commitdiff;h=619a08ca1178144b8a3a5caafff32a2d3918edab"
},
{
"name": "openSUSE-SU-2012:0968",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2012-08/msg00012.html"
},
{
"name": "https://bugzilla.novell.com/show_bug.cgi?id=767319",
"refsource": "MISC",
"url": "https://bugzilla.novell.com/show_bug.cgi?id=767319"
}
]
}
}

140
2012/4xxx/CVE-2012-4348.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-4348",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-4348",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00",
"refsource" : "CONFIRM",
"url" : "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00"
},
{
"name" : "56846",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/56846"
},
{
"name" : "1027863",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id?1027863"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The management console in Symantec Endpoint Protection (SEP) 11.0 before RU7-MP3 and 12.1 before RU2, and Symantec Endpoint Protection Small Business Edition 12.x before 12.1 RU2, does not properly validate input for PHP scripts, which allows remote authenticated users to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00",
"refsource": "CONFIRM",
"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2012&suid=20121210_00"
},
{
"name": "56846",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/56846"
},
{
"name": "1027863",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1027863"
}
]
}
}

130
2012/6xxx/CVE-2012-6521.json
View File

@ -1,67 +1,67 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2012-6521",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6521",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://packetstormsecurity.org/files/115253/Elefant-CMS-1.2.0-Cross-Site-Scripting.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.org/files/115253/Elefant-CMS-1.2.0-Cross-Site-Scripting.html"
},
{
"name" : "48118",
"refsource" : "SECUNIA",
"url" : "http://secunia.com/advisories/48118"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in apps/admin/handlers/versions.php in Elefant CMS 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter to admin/versions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.org/files/115253/Elefant-CMS-1.2.0-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.org/files/115253/Elefant-CMS-1.2.0-Cross-Site-Scripting.html"
},
{
"name": "48118",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/48118"
}
]
}
}

210
2015/5xxx/CVE-2015-5161.json
View File

@ -1,107 +1,107 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2015-5161",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2015-5161",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "37765",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/37765/"
},
{
"name" : "20150813 Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM",
"refsource" : "FULLDISC",
"url" : "http://seclists.org/fulldisclosure/2015/Aug/46"
},
{
"name" : "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt",
"refsource" : "MISC",
"url" : "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt"
},
{
"name" : "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html",
"refsource" : "MISC",
"url" : "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html"
},
{
"name" : "http://framework.zend.com/security/advisory/ZF2015-06",
"refsource" : "CONFIRM",
"url" : "http://framework.zend.com/security/advisory/ZF2015-06"
},
{
"name" : "DSA-3340",
"refsource" : "DEBIAN",
"url" : "http://www.debian.org/security/2015/dsa-3340"
},
{
"name" : "FEDORA-2015-13314",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html"
},
{
"name" : "FEDORA-2015-13488",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html"
},
{
"name" : "FEDORA-2015-13529",
"refsource" : "FEDORA",
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html"
},
{
"name" : "76177",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/76177"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/133068/Zend-Framework-2.4.2-1.12.13-XXE-Injection.html"
},
{
"name": "FEDORA-2015-13488",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165173.html"
},
{
"name": "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt",
"refsource": "MISC",
"url": "http://legalhackers.com/advisories/zend-framework-XXE-vuln.txt"
},
{
"name": "76177",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/76177"
},
{
"name": "FEDORA-2015-13529",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165147.html"
},
{
"name": "37765",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/37765/"
},
{
"name": "FEDORA-2015-13314",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/164409.html"
},
{
"name": "DSA-3340",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2015/dsa-3340"
},
{
"name": "http://framework.zend.com/security/advisory/ZF2015-06",
"refsource": "CONFIRM",
"url": "http://framework.zend.com/security/advisory/ZF2015-06"
},
{
"name": "20150813 Zend Framework <= 2.4.2 XML eXternal Entity Injection (XXE) on PHP FPM",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Aug/46"
}
]
}
}

140
2017/2xxx/CVE-2017-2215.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vultures@jpcert.or.jp",
"ID" : "CVE-2017-2215",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Installer of \"Setup file of advance preparation\" (jizen_setup.exe)",
"version" : {
"version_data" : [
{
"version_value" : "(The version which was available on the website prior to 2017 June 12)"
}
]
}
}
]
},
"vendor_name" : "National Tax Agency"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability in Installer of \"Setup file of advance preparation\" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Untrusted search path vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Installer of \"Setup file of advance preparation\" (jizen_setup.exe)",
"version": {
"version_data": [
{
"version_value": "(The version which was available on the website prior to 2017 June 12)"
}
]
}
}
]
},
"vendor_name": "National Tax Agency"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "http://www.e-tax.nta.go.jp/topics/topics_290525.htm",
"refsource" : "MISC",
"url" : "http://www.e-tax.nta.go.jp/topics/topics_290525.htm"
},
{
"name" : "https://www.keisan.nta.go.jp/oshirase/h28info/201705.html",
"refsource" : "MISC",
"url" : "https://www.keisan.nta.go.jp/oshirase/h28info/201705.html"
},
{
"name" : "JVN#34508179",
"refsource" : "JVN",
"url" : "https://jvn.jp/en/jp/JVN34508179/index.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability in Installer of \"Setup file of advance preparation\" (jizen_setup.exe) (The version which was available on the website prior to 2017 June 12) allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted search path vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#34508179",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN34508179/index.html"
},
{
"name": "http://www.e-tax.nta.go.jp/topics/topics_290525.htm",
"refsource": "MISC",
"url": "http://www.e-tax.nta.go.jp/topics/topics_290525.htm"
},
{
"name": "https://www.keisan.nta.go.jp/oshirase/h28info/201705.html",
"refsource": "MISC",
"url": "https://www.keisan.nta.go.jp/oshirase/h28info/201705.html"
}
]
}
}

122
2017/2xxx/CVE-2017-2740.json
View File

@ -1,63 +1,63 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "hp-security-alert@hp.com",
"DATE_PUBLIC" : "2017-01-17T00:00:00",
"ID" : "CVE-2017-2740",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "HP ThinPro",
"version" : {
"version_data" : [
{
"version_value" : "6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4"
}
]
}
}
]
},
"vendor_name" : "HP Inc."
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Escalation of Privilege"
}
"CVE_data_meta": {
"ASSIGNER": "hp-security-alert@hp.com",
"DATE_PUBLIC": "2017-01-17T00:00:00",
"ID": "CVE-2017-2740",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HP ThinPro",
"version": {
"version_data": [
{
"version_value": "6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4"
}
]
}
}
]
},
"vendor_name": "HP Inc."
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "HPSBHF03553",
"refsource" : "HP",
"url" : "https://support.hp.com/us-en/document/c05379294"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escalation of Privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "HPSBHF03553",
"refsource": "HP",
"url": "https://support.hp.com/us-en/document/c05379294"
}
]
}
}

34
2017/2xxx/CVE-2017-2758.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2017-2758",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-2758",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

144
2018/11xxx/CVE-2018-11062.json
View File

@ -1,74 +1,74 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@dell.com",
"DATE_PUBLIC" : "2018-10-29T16:00:00.000Z",
"ID" : "CVE-2018-11062",
"STATE" : "PUBLIC",
"TITLE" : "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Integrated Data Protection Appliance",
"version" : {
"version_data" : [
{
"affected" : "<",
"version_name" : "2.X",
"version_value" : "2.3"
}
]
}
}
]
},
"vendor_name" : "Dell EMC"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
}
"CVE_data_meta": {
"ASSIGNER": "security_alert@emc.com",
"DATE_PUBLIC": "2018-10-29T16:00:00.000Z",
"ID": "CVE-2018-11062",
"STATE": "PUBLIC",
"TITLE": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Integrated Data Protection Appliance",
"version": {
"version_data": [
{
"affected": "<",
"version_name": "2.X",
"version_value": "2.3"
}
]
}
}
]
},
"vendor_name": "Dell EMC"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"refsource" : "FULLDISC",
"url" : "https://seclists.org/fulldisclosure/2018/Oct/53"
},
{
"name" : "105764",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/105764"
}
]
},
"source" : {
"discovery" : "UNKNOWN"
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privileges and can access certain system files only. A malicious user with the knowledge of the default passwords may potentially log in to the system and gain read and write access to certain system files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20181029 DSA-2018-136: Dell EMC Integrated Data Protection Appliance Undocumented Accounts Vulnerability",
"refsource": "FULLDISC",
"url": "https://seclists.org/fulldisclosure/2018/Oct/53"
},
{
"name": "105764",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/105764"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}

140
2018/11xxx/CVE-2018-11092.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11092",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11092",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "44624",
"refsource" : "EXPLOIT-DB",
"url" : "https://www.exploit-db.com/exploits/44624/"
},
{
"name" : "https://community.mybb.com/mods.php?action=changelog&pid=1106",
"refsource" : "CONFIRM",
"url" : "https://community.mybb.com/mods.php?action=changelog&pid=1106"
},
{
"name" : "https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split",
"refsource" : "CONFIRM",
"url" : "https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the Admin Notes plugin 1.1 for MyBB. CSRF allows an attacker to remotely delete all admin notes via an admin/index.php?empty=table (aka Clear Table) action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://community.mybb.com/mods.php?action=changelog&pid=1106",
"refsource": "CONFIRM",
"url": "https://community.mybb.com/mods.php?action=changelog&pid=1106"
},
{
"name": "44624",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/44624/"
},
{
"name": "https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split",
"refsource": "CONFIRM",
"url": "https://github.com/vintagedaddyo/MyBB_Plugin-adminnotes/commit/3deae701cdd89753cb6688302aee5b93a72bc58b?diff=split"
}
]
}
}

34
2018/11xxx/CVE-2018-11317.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11317",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11317",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/11xxx/CVE-2018-11844.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-11844",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-11844",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/14xxx/CVE-2018-14196.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14196",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14196",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

220
2018/14xxx/CVE-2018-14350.json
View File

@ -1,112 +1,112 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14350",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14350",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
"refsource" : "MLIST",
"url" : "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
},
{
"name" : "http://www.mutt.org/news.html",
"refsource" : "MISC",
"url" : "http://www.mutt.org/news.html"
},
{
"name" : "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485",
"refsource" : "MISC",
"url" : "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"
},
{
"name" : "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870",
"refsource" : "MISC",
"url" : "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"
},
{
"name" : "https://neomutt.org/2018/07/16/release",
"refsource" : "MISC",
"url" : "https://neomutt.org/2018/07/16/release"
},
{
"name" : "DSA-4277",
"refsource" : "DEBIAN",
"url" : "https://www.debian.org/security/2018/dsa-4277"
},
{
"name" : "GLSA-201810-07",
"refsource" : "GENTOO",
"url" : "https://security.gentoo.org/glsa/201810-07"
},
{
"name" : "USN-3719-1",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3719-1/"
},
{
"name" : "USN-3719-2",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3719-2/"
},
{
"name" : "USN-3719-3",
"refsource" : "UBUNTU",
"url" : "https://usn.ubuntu.com/3719-3/"
},
{
"name" : "104931",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104931"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104931",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104931"
},
{
"name": "USN-3719-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3719-3/"
},
{
"name": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870",
"refsource": "MISC",
"url": "https://gitlab.com/muttmua/mutt/commit/3287534daa3beac68e2e83ca4b4fe8a3148ff870"
},
{
"name": "DSA-4277",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4277"
},
{
"name": "USN-3719-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3719-2/"
},
{
"name": "[debian-lts-announce] 20180802 [SECURITY] [DLA 1455-1] mutt security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00001.html"
},
{
"name": "GLSA-201810-07",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201810-07"
},
{
"name": "http://www.mutt.org/news.html",
"refsource": "MISC",
"url": "http://www.mutt.org/news.html"
},
{
"name": "https://neomutt.org/2018/07/16/release",
"refsource": "MISC",
"url": "https://neomutt.org/2018/07/16/release"
},
{
"name": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485",
"refsource": "MISC",
"url": "https://github.com/neomutt/neomutt/commit/1b0f0d0988e6df4e32e9f4bf8780846ea95d4485"
},
{
"name": "USN-3719-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3719-1/"
}
]
}
}

120
2018/14xxx/CVE-2018-14532.json
View File

@ -1,62 +1,62 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14532",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14532",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://github.com/axiomatic-systems/Bento4/issues/294",
"refsource" : "MISC",
"url" : "https://github.com/axiomatic-systems/Bento4/issues/294"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue to CVE-2018-13846."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/axiomatic-systems/Bento4/issues/294",
"refsource": "MISC",
"url": "https://github.com/axiomatic-systems/Bento4/issues/294"
}
]
}
}

156
2018/14xxx/CVE-2018-14644.json
View File

@ -1,80 +1,80 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "lpardo@redhat.com",
"ID" : "CVE-2018-14644",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "pdns",
"version" : {
"version_data" : [
{
"version_value" : "4.0.9"
},
{
"version_value" : "4.1.5"
}
]
}
}
]
},
"vendor_name" : "[UNKNOWN]"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail."
}
]
},
"impact" : {
"cvss" : [
[
{
"vectorString" : "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version" : "3.0"
}
]
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "CWE-20"
}
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-14644",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "pdns",
"version": {
"version_data": [
{
"version_value": "4.0.9"
},
{
"version_value": "4.1.5"
}
]
}
}
]
},
"vendor_name": "[UNKNOWN]"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644",
"refsource" : "CONFIRM",
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644"
},
{
"name" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html",
"refsource" : "CONFIRM",
"url" : "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue has been found in PowerDNS Recursor from 4.0.0 up to and including 4.1.4. A remote attacker sending a DNS query for a meta-type like OPT can lead to a zone being wrongly cached as failing DNSSEC validation. It only arises if the parent zone is signed, and all the authoritative servers for that parent zone answer with FORMERR to a query for at least one of the meta-types. As a result, subsequent queries from clients requesting DNSSEC validation will be answered with a ServFail."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html",
"refsource": "CONFIRM",
"url": "https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-07.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14644"
}
]
}
}

34
2018/14xxx/CVE-2018-14867.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-14867",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-14867",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

34
2018/15xxx/CVE-2018-15102.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15102",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15102",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

128
2018/15xxx/CVE-2018-15125.json
View File

@ -1,66 +1,66 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "vulnerability@kaspersky.com",
"DATE_PUBLIC" : "2018-08-08T00:00:00",
"ID" : "CVE-2018-15125",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Zipato Zipabox Smart Home Controller",
"version" : {
"version_data" : [
{
"version_value" : "BOARD REV - 1"
},
{
"version_value" : "SYSTEM Version -118"
}
]
}
}
]
},
"vendor_name" : "Kaspersky Lab"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Sensitive Information Disclosure"
}
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"DATE_PUBLIC": "2018-08-08T00:00:00",
"ID": "CVE-2018-15125",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Zipato Zipabox Smart Home Controller",
"version": {
"version_data": [
{
"version_value": "BOARD REV - 1"
},
{
"version_value": "SYSTEM Version -118"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-005-zipato-zipabox-sensitive-information-disclosure/",
"refsource" : "MISC",
"url" : "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-005-zipato-zipabox-sensitive-information-disclosure/"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sensitive Information Disclosure in Zipato Zipabox Smart Home Controller allows remote attacker get sensitive information that expands attack surface."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Sensitive Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-005-zipato-zipabox-sensitive-information-disclosure/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-005-zipato-zipabox-sensitive-information-disclosure/"
}
]
}
}

34
2018/15xxx/CVE-2018-15644.json
View File

@ -1,18 +1,18 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "cve@mitre.org",
"ID" : "CVE-2018-15644",
"STATE" : "RESERVED"
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-15644",
"STATE": "RESERVED"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

134
2018/20xxx/CVE-2018-20233.json
View File

@ -1,69 +1,69 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "security@atlassian.com",
"DATE_PUBLIC" : "2019-01-17T00:00:00",
"ID" : "CVE-2018-20233",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Universal Plugin Manager",
"version" : {
"version_data" : [
{
"version_affected" : "<",
"version_value" : "2.22.14"
}
]
}
}
]
},
"vendor_name" : "Atlassian"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Improper Restriction of XML External Entity Reference ('XXE')"
}
"CVE_data_meta": {
"ASSIGNER": "security@atlassian.com",
"DATE_PUBLIC": "2019-01-17T00:00:00",
"ID": "CVE-2018-20233",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Universal Plugin Manager",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "2.22.14"
}
]
}
}
]
},
"vendor_name": "Atlassian"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ecosystem.atlassian.net/browse/UPM-5964",
"refsource" : "CONFIRM",
"url" : "https://ecosystem.atlassian.net/browse/UPM-5964"
},
{
"name" : "106661",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/106661"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Upload add-on resource in Atlassian Universal Plugin Manager before version 2.22.14 allows remote attackers who have system administrator privileges to read files, make network requests and perform a denial of service attack via an XML External Entity vulnerability in the parsing of atlassian plugin xml files in an uploaded JAR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of XML External Entity Reference ('XXE')"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "106661",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106661"
},
{
"name": "https://ecosystem.atlassian.net/browse/UPM-5964",
"refsource": "CONFIRM",
"url": "https://ecosystem.atlassian.net/browse/UPM-5964"
}
]
}
}

200
2018/8xxx/CVE-2018-8112.json
View File

@ -1,102 +1,102 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "Secure@Microsoft.com",
"ID" : "CVE-2018-8112",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Microsoft Edge",
"version" : {
"version_data" : [
{
"version_value" : "Windows 10 for 32-bit Systems"
},
{
"version_value" : "Windows 10 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value" : "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value" : "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value" : "Windows Server 2016"
}
]
}
}
]
},
"vendor_name" : "Microsoft"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "Security Feature Bypass"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8112",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Microsoft Edge",
"version": {
"version_data": [
{
"version_value": "Windows 10 for 32-bit Systems"
},
{
"version_value": "Windows 10 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1607 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1607 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1703 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1703 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1709 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1709 for x64-based Systems"
},
{
"version_value": "Windows 10 Version 1803 for 32-bit Systems"
},
{
"version_value": "Windows 10 Version 1803 for x64-based Systems"
},
{
"version_value": "Windows Server 2016"
}
]
}
}
]
},
"vendor_name": "Microsoft"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112"
},
{
"name" : "103963",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/103963"
},
{
"name" : "1040844",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040844"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka \"Microsoft Edge Security Feature Bypass Vulnerability.\" This affects Microsoft Edge."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Security Feature Bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8112"
},
{
"name": "103963",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/103963"
},
{
"name": "1040844",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040844"
}
]
}
}

140
2018/8xxx/CVE-2018-8163.json
View File

@ -1,72 +1,72 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "secure@microsoft.com",
"ID" : "CVE-2018-8163",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "n/a"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Excel."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "n/a"
}
"CVE_data_meta": {
"ASSIGNER": "secure@microsoft.com",
"ID": "CVE-2018-8163",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8163",
"refsource" : "CONFIRM",
"url" : "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8163"
},
{
"name" : "104059",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104059"
},
{
"name" : "1040857",
"refsource" : "SECTRACK",
"url" : "http://www.securitytracker.com/id/1040857"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka \"Microsoft Excel Information Disclosure Vulnerability.\" This affects Microsoft Office, Microsoft Excel."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1040857",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1040857"
},
{
"name": "104059",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104059"
},
{
"name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8163",
"refsource": "CONFIRM",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8163"
}
]
}
}

132
2018/8xxx/CVE-2018-8871.json
View File

@ -1,68 +1,68 @@
{
"CVE_data_meta" : {
"ASSIGNER" : "ics-cert@hq.dhs.gov",
"DATE_PUBLIC" : "2018-05-17T00:00:00",
"ID" : "CVE-2018-8871",
"STATE" : "PUBLIC"
},
"affects" : {
"vendor" : {
"vendor_data" : [
{
"product" : {
"product_data" : [
{
"product_name" : "Automation TPEditor",
"version" : {
"version_data" : [
{
"version_value" : "Version 1.89 or prior"
}
]
}
}
]
},
"vendor_name" : "Delta Electronics"
}
]
}
},
"data_format" : "MITRE",
"data_type" : "CVE",
"data_version" : "4.0",
"description" : {
"description_data" : [
{
"lang" : "eng",
"value" : "In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution."
}
]
},
"problemtype" : {
"problemtype_data" : [
{
"description" : [
{
"lang" : "eng",
"value" : "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"DATE_PUBLIC": "2018-05-17T00:00:00",
"ID": "CVE-2018-8871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Automation TPEditor",
"version": {
"version_data": [
{
"version_value": "Version 1.89 or prior"
}
]
}
}
]
},
"vendor_name": "Delta Electronics"
}
]
}
]
},
"references" : {
"reference_data" : [
{
"name" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04",
"refsource" : "MISC",
"url" : "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04"
},
{
"name" : "104216",
"refsource" : "BID",
"url" : "http://www.securityfocus.com/bid/104216"
}
]
}
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "HEAP-BASED BUFFER OVERFLOW CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "104216",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104216"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-137-04"
}
]
}
}